我试图在Sping Boot Angular应用程序中使用Google实现OAuth2身份验证,但我收到一个“invalid_request”错误,并显示消息“client_secret is missing”。我在application.yml文件中配置了client_id和client_secret,如下所示:
spring:
security:
oauth2:
client:
registration:
google:
clientId: <my-client-id>
clientSecret: <my-client-secret>
然而,似乎在OAuth2授权请求中没有正确传递client_secret。我已经为Spring RestTemplate启用了调试日志记录,日志显示请求中缺少client_secret:
HTTP POST https://www.googleapis.com/oauth2/v4/token
Writing [{grant_type=[authorization_code], code=[4/0EWygzh84wyVNXT4HcB_OaRr465vKH-a8mnQW5AuqCFA9uRVkbkvEMmq3RpV-qVxl1h1xgg], redirect_uri=[http://localhost:8014/demo/login/oauth2/code/google], client_id=[<my-client-id>]}] as "application/x-www-form-urlencoded;charset=UTF-8"
我不知道是什么原因导致这个问题。任何帮助将不胜感激。谢谢!
at org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider.authenticate(OidcAuthorizationCodeAuthenticationProvider.java:144):
有这样一条线:
OAuth2AccessTokenResponse accessTokenResponse = getResponse(authorizationCodeAuthentication);
并且在authorizationCodeAuthentication中我有clientRegistration,它有客户端密钥!!!:
ClientRegistration{registrationId='google', clientId='<my-client-id>', clientSecret='<my-client-secret>', clientAuthenticationMethod=org.springframework.security.oauth2.core.ClientAuthenticationMethod@4fcef9d3, authorizationGrantType=org.springframework.security.oauth2.core.AuthorizationGrantType@5da5e9f3, redirectUri='{baseUrl}/{action}/oauth2/code/{registrationId}', scopes=[openid, profile, email], providerDetails=org.springframework.security.oauth2.client.registration.ClientRegistration$ProviderDetails@4ec90377, clientName='Google'}
1条答案
按热度按时间soat7uwm1#
遇到同样的问题,请确保您正在使用:
应用程序中的
clientAuthenticationMethod: client_secret_post
。ymlpost
在Spring Security 5.5中被弃用,转而支持client_secret_post
供参考:https://github.com/spring-projects/spring-security/issues/9220