Spring OAuth2RestTemplate for accessing resource server gives 401 Unauthorized
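I am trying to get OAuth2Client working with the authorization_code grant type. I can authorize the user and redirect the URL, but when I try to access the resource using OAuth2RestTemplate I get 401 Unauthorized.
Do I need to do anything for OAuth2RestTemplate to add the Authorization header? I thought Spring-oauth2 would add the header to OAuthRestTemplate on its own.
I also verified this with TRACE logging.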
// Controller method: calls the resource server with the OAuth2RestTemplate bean
@GetMapping("/")
public OAuth2User hello(@AuthenticationPrincipal OAuth2User oAuth2User) {
    logger.info("User=" + oAuth2User.getAttributes().get("unique_name"));
    // This is the call that comes back with 401 Unauthorized
    String response = oAuth2RestTemplate.getForObject("https://localhost:8090/me", String.class);
    return oAuth2User;
}

// RestTemplate that obtains a token using the details below
@Bean
public OAuth2RestTemplate oauth2RestTemplate(OAuth2ClientContext oauth2ClientContext) {
    return new OAuth2RestTemplate(azureDetails(), oauth2ClientContext);
}

// authorization_code client settings for Azure AD (client id and secret are placeholders)
@Bean
public AuthorizationCodeResourceDetails azureDetails() {
    AuthorizationCodeResourceDetails details = new AuthorizationCodeResourceDetails();
    details.setClientId("myclientId");
    details.setClientSecret("myclientsecret");
    details.setAccessTokenUri("https://login.microsoftonline.com/common/oauth2/token");
    details.setUserAuthorizationUri("https://login.microsoftonline.com/common/oauth2/authorize");
    details.setScope(Arrays.asList("openid", "profile", "User.Read", "Calendars.Read", "Chat.Read", "Files.Read", "Mail.Read", "Notes.Read", "Tasks.Read"));
    return details;
}
OAuth2RestTemplate should perform a GET on the MS Graph API and get a response.
You need to update your AccessTokenUri and UserAuthorizationUri. Your AccessTokenUri should be https://login.microsoftonline.com/common/oauth2/v2.0/token, and your UserAuthorizationUri should be https://login.microsoftonline.com/common/oauth2/v2.0/authorize. For more details, see https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow.
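An added example, not part of the question or the answer: a JDK-only check that decodes the access token's payload (without verifying the signature) and lists reasons a resource server would answer 401, such as an `aud` naming a different API than the one being called. The class and method names, the sample claims and the `api://my-local-api` audience are constructed for illustration, and the token is assumed to be JWT-formatted.

```java
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class AccessTokenCheck {
    // Decode the payload segment; the signature is NOT verified (diagnostics only).
    static String payloadJson(String jwt) {
        String[] parts = jwt.split("\\.");
        if (parts.length != 3) throw new IllegalArgumentException("not a three-part JWT");
        return new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
    }

    // Minimal extraction of a top-level string or numeric claim, not a full JSON parser.
    static String claim(String json, String name) {
        String re = "\"" + Pattern.quote(name) + "\"\\s*:\\s*(?:\"([^\"]*)\"|(\\d+))";
        Matcher m = Pattern.compile(re).matcher(json);
        if (!m.find()) return null;
        return m.group(1) != null ? m.group(1) : m.group(2);
    }

    // Reasons the called API would reject this token; an empty list means none were found.
    static List<String> findings(String jwt, String expectedAud, String requiredScope, Instant now) {
        String json = payloadJson(jwt);
        String aud = claim(json, "aud"), scp = claim(json, "scp"), exp = claim(json, "exp");
        List<String> out = new ArrayList<>();
        if (!expectedAud.equals(aud))
            out.add("aud is " + aud + ", API expects " + expectedAud);
        if (scp == null || !List.of(scp.split(" ")).contains(requiredScope))
            out.add("scp [" + scp + "] lacks " + requiredScope);
        if (exp == null || Instant.ofEpochSecond(Long.parseLong(exp)).isBefore(now))
            out.add("expired or no exp: " + exp);
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample token: dummy header and signature, hand-written claims.
        String payload = "{\"aud\":\"https://graph.microsoft.com\",\"scp\":\"User.Read Mail.Read\",\"exp\":1700000000}";
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String jwt = enc.encodeToString("{\"alg\":\"none\"}".getBytes(StandardCharsets.UTF_8))
                + "." + enc.encodeToString(payload.getBytes(StandardCharsets.UTF_8)) + ".sig";
        Instant now = Instant.ofEpochSecond(1699999000L);
        System.out.println(findings(jwt, "https://graph.microsoft.com", "User.Read", now));
        // Same token presented to a different (hypothetical) API with a scope it was not issued for.
        System.out.println(findings(jwt, "api://my-local-api", "Calendars.Read", now));
    }
}
```

In the controller from the question, the token string to inspect is available from `oAuth2RestTemplate.getAccessToken().getValue()`.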