如何访问控制器中的oauth2不透明令牌

vltsax25  于 2021-09-29  发布在  Java
关注(0)|答案(1)|浏览(318)

我有一个api,它使用 OKTA 用于身份验证。我需要 opaque token 因此,我可以代表用户访问okta API。如何访问控制器中的不透明令牌?

oogrdqng

oogrdqng1#

我找到了这个。
我创建了这个ExchangeFilter函数:

private ExchangeFilterFunction myExchangeFilterFunction(OAuth2AuthorizedClientService clientService) {
    return new ExchangeFilterFunction() {
        @Override
        public Mono<ClientResponse> filter(ClientRequest request, ExchangeFunction next) {
            Authentication authentication = SecurityContextHolder.getContext().getAuthentication();

            OAuth2AuthenticationToken oauthToken = (OAuth2AuthenticationToken) authentication;

            OAuth2AuthorizedClient client = clientService.loadAuthorizedClient(
                    oauthToken.getAuthorizedClientRegistrationId(),
                    oauthToken.getName());

            String accessToken = client.getAccessToken().getTokenValue();

            ClientRequest newRequest = ClientRequest.from(request)
                    .headers((headers) -> headers.setBearerAuth(accessToken))
                    .build();

            return next.exchange(newRequest);
        }
    };
}

相关问题