我一直在尝试用spring Boot 设置twitter oauth2 PKCE身份验证。问题是code_verifier参数没有被spring security获取。我是否必须配置一个bean,以便代码验证器被选中?有没有一种方法可以自定义ReactiveOAuth2AccessTokenResponseClient来自定义向令牌端点发送的主体?
下面是我的Spring安全配置:
public SecurityWebFilterChain securityWebFilterChain(
ServerHttpSecurity http) {
return http.authorizeExchange()
.anyExchange().authenticated()
.and().oauth2Login().and().build();
}
security:
oauth2:
client:
registration:
twitter:
client-id: xxx
client-secret: xxx
authorization-grant-type: authorization_code
redirect-uri: http://localhost:8080/login/oauth2/code/twitter
provider:
twitter:
authorization-uri: https://twitter.com/i/oauth2/authorize?response_type=code&client_id=xxx&redirect_uri=http://localhost:8080/login/oauth2/code/twitter&scope=tweet.read%20users.read%20follows.read%20follows.write&code_challenge=challenge&code_challenge_method=plain
token-uri: https://api.twitter.com/2/oauth2/token
user-info-uri: https://api.twitter.com/2/users/me
user-name-attribute: data
1条答案
按热度按时间c2e8gylq1#
对于仍在寻找答案的人:您可以通过覆盖
WebClientReactiveAuthorizationCodeTokenResponseClient
bean并使用setParameter
方法来自定义令牌请求主体。下面是一个例子: