我需要在提供程序中同时使用 Facebook 和 Google 作为 OpenId Sing。我已使用 SocialAuthenticationFilter 将它们与 Spring Security 集成,如文档中所述并查看示例应用程序。
我已成功配置 Facebook。
问题是当我尝试使用 Google 进行身份验证时:
在OAuth2AuthenticationService.getAuthToken():
...
AccessGrant accessGrant = getConnectionFactory().getOAuthOperations().exchangeForAccess(code, returnToUrl, null);
此时我可以看到 accessGrant 包含一个 accessToken,所以到目前为止它似乎是正确的。它在以下调用中失败:
// TODO avoid API call if possible (auth using token would be fine)
Connection<S> connection = getConnectionFactory().createConnection(accessGrant);
createConnection()最终调用GoogleConnectionFactory.extractProviderUserId(AccessGrant accessGrant):
Google api = ((GoogleServiceProvider)getServiceProvider()).getApi(accessGrant.getAccessToken());
UserProfile userProfile = getApiAdapter().fetchUserProfile(api);
...
并且getApiAdapter().fetchUserProfile(Google)->google.plusOperations().getGoogleProfile();抛出 403 异常:
org.springframework.web.client.HttpClientErrorException: 403 Forbidden
为什么它无法获取 Google 个人资料?显然我设置的范围和提示给用户的内容是正确的......
完整的项目可在此处获得:https ://github.com/codependent/spring-boot-social-signin
配置摘录:
安全配置:
@EnableWebSecurity
class SecurityConfig extends WebSecurityConfigurerAdapter{
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/secure*").authenticated()
.and()
.formLogin()
.loginPage("/login").permitAll()
//.loginProcessingUrl("/secure-home")
.failureUrl("/login?param.error=bad_credentials")
.and()
.logout()
.logoutUrl("/logout")
.deleteCookies("JSESSIONID")
.and()
/*.rememberMe()
.and()*/
.apply(new SpringSocialConfigurer());
}
@Bean
public SocialUserDetailsService socialUserDetailsService(){
return new SocialUserDetailsService(){
@Override
public SocialUserDetails loadUserByUserId(String userId) throws UsernameNotFoundException{
return new SimpleSocialUserDetails(userId);
}
}
}
}
社会配置:
@Configuration
@EnableSocial
class SocialConfig extends SocialConfigurerAdapter{
@Override
void addConnectionFactories(ConnectionFactoryConfigurer cfConfig, Environment env) {
FacebookConnectionFactory fcf = new FacebookConnectionFactory(env.getProperty("facebook.clientId"), env.getProperty("facebook.clientSecret"))
fcf.setScope("public_profile,email")
cfConfig.addConnectionFactory(fcf)
GoogleConnectionFactory gcf = new GoogleConnectionFactory(env.getProperty("google.clientId"), env.getProperty("google.clientSecret"))
gcf.setScope("openid https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo#email https://www.googleapis.com/auth/plus.me https://www.googleapis.com/auth/tasks https://www-opensocial.googleusercontent.com/api/people https://www.googleapis.com/auth/plus.login");
cfConfig.addConnectionFactory(gcf);
}
@Bean
@Scope(value="request", proxyMode=ScopedProxyMode.INTERFACES)
Facebook facebook(ConnectionRepository repository) {
Connection<Facebook> connection = repository.findPrimaryConnection(Facebook.class);
return connection != null ? connection.getApi() : null;
}
@Bean
@Scope(value="request", proxyMode=ScopedProxyMode.INTERFACES)
Google google(ConnectionRepository repository) {
Connection<Google> connection = repository.findPrimaryConnection(Google.class);
return connection != null ? connection.getApi() : null;
}
@Override
UsersConnectionRepository getUsersConnectionRepository(ConnectionFactoryLocator connectionFactoryLocator) {
//return new JdbcUsersConnectionRepository(dataSource, connectionFactoryLocator, Encryptors.noOpText());
InMemoryUsersConnectionRepository rep = new InMemoryUsersConnectionRepository(connectionFactoryLocator)
rep.setConnectionSignUp(new ConnectionSignUp(){
public String execute(Connection<?> connection){
Facebook facebook = (Facebook)connection.getApi();
String [] fields = [ "id", "email", "first_name", "last_name", "about" , "gender" ];
User userProfile = facebook.fetchObject(connection.getKey().getProviderUserId(), User.class, fields);
return userProfile.getEmail();
}
})
return rep;
}
@Override
UserIdSource getUserIdSource() {
return new AuthenticationNameUserIdSource()
}
}