1

我已将授权服务器配置为 public void configure(ClientDetailsS​​erviceConfigurer clients) throws Exception {

    clients.inMemory()
            .withClient("clientID")
            .authorizedGrantTypes("client-credentials", "password","refresh_token")
            .authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT")
            .scopes("read", "write", "trust")
            .resourceIds("oauth2-resource")
            .accessTokenValiditySeconds(120)
            .refreshTokenValiditySeconds(300)
            .secret("secret");

}

那么,基于这个配置,我怎样才能从 angular2 应用程序中获取 access_token 呢?

4

1 回答 1

0

使用client_credentials模式access_token从端点获取/oauth/token(如果您使用的是默认值)。

HTTP POST 参数:

  • 授予类型:client_credentials
  • client_id:(clientID来自您的配置)
  • client_secret:(secret来自您的配置)

响应结果如下:

{
    "access_token": "token...",
    "token_type": "bearer",
    "expires_in": 43199,
    "scope": "read write trust",
    "jti": "da2969c9-36e1-4177-b85e-71ed4217a036"
}

客户端配置(扩展名AuthorizationServerConfigurerAdapter):

@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
    security.allowFormAuthenticationForClients();
}

建议:

如果您想要用户登录,请考虑password授予模式。

另请参阅 RFC6749 client_credentials

于 2017-11-28T06:18:06.720 回答