1

首先作为初学者开始使用 oAuth2,我运行 sparklr2 示例,它工作正常,然后我尝试测试一些不同类型的授权场景。

作为参考 AuthorizationServerConfiguration 类的配置方法是:

public void configure(ClientDetailsServiceConfigurer clients) throws Exception {

        // @formatter:off
        clients
            .inMemory()
                .withClient("esirius")
                .resourceIds(RESOURCE_ID)
                .authorizedGrantTypes("authorization_code", "implicit")
                .authorities("ROLE_CLIENT")
                .scopes("read", "write", "trust")
                .secret("secret")
            .and()
                .withClient("esirius-with-redirect")
                .resourceIds(RESOURCE_ID)
                .authorizedGrantTypes("authorization_code", "implicit")
                .authorities("ROLE_CLIENT")
                .scopes("read", "write")
                .secret("secret")
                .redirectUris(esiriusRedirectUri)
            .and()
                .withClient("my-client-with-registered-redirect")
                .resourceIds(RESOURCE_ID)
                .authorizedGrantTypes("authorization_code", "client_credentials")
                .authorities("ROLE_CLIENT")
                .scopes("read", "trust")
                .redirectUris("http://anywhere?key=value")
            .and()
                .withClient("my-trusted-client")
                .authorizedGrantTypes("password", "authorization_code", "refresh_token", "implicit")
                .authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT")
                .scopes("read", "write", "trust")
                .accessTokenValiditySeconds(60)
            .and()
                .withClient("my-trusted-client-with-secret")
                .authorizedGrantTypes("password", "authorization_code", "refresh_token", "implicit")
                .authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT")
                .scopes("read", "write", "trust")
                .secret("somesecret")
            .and()
                .withClient("my-less-trusted-client")
                .authorizedGrantTypes("authorization_code", "implicit")
                .authorities("ROLE_CLIENT")
                .scopes("read", "write", "trust")
            .and()
                .withClient("my-less-trusted-autoapprove-client")
                .authorizedGrantTypes("implicit")
                .authorities("ROLE_CLIENT")
                .scopes("read", "write", "trust")
                .autoApprove(true);
        // @formatter:on
    }

我在运行 curl 时成功的第一个是 grant_type=client_credentials

%curl% -i -X POST "http://localhost:8002/oauth/token" -H "Accept: application/json" -u "my-client-with-registered-redirect:" -d "grant_type=client_credentials" -d "scope=read"

回复 :

{"access_token":"3735d098-fb33-48da-8f87-a950e4bd3df2","token_type":"bearer","expires_in":43199,"scope":"read"}

现在我正在尝试测试 grant_type=password 场景:

%curl% -i  -d "client_id=my-trusted-client" -d "username=marissa" -d "password=koala" -d "grant_type=password" -d "redirect_uri=http://a-dreuz/callback"  -H "Accept: application/json"  -X POST http://localhost:8002/oauth/token

并得到回应:

{"error":"unauthorized","error_description":"Full authentication is required to access this resource"}

我已经测试了很多组合都没有成功,这个请求有什么问题?我发现这是使用 curl 手动测试请求以了解使用 oAuth2 的不同场景的好方法。

谢谢您的帮助。

4

1 回答 1

0

您尚未对客户端进行身份验证。您在第一个示例中进行了操作,因此您知道如何操作(只需将-u参数复制到第二个示例中)。

此外,密码授权中没有重定向 URI,因此该参数将被忽略并且可以省略(客户端 ID 也可以)。

于 2016-01-11T09:02:41.347 回答