Huawei OAuth 2.0 with Spring Security导致“missing required parameter:客户端ID”

ssm49v7z  于 2023-10-15  发布在  Spring
关注(0)|答案(1)|浏览(182)

Spring Security配置如下:

spring:
  security:
    oauth2:
      client:
        registration:
          huawei:
            client_id: blablabla
            client-secret: blablabla
            redirect-uri: 'http://localhost:8080/login/oauth2/code/huawei'
            scope: openid
        huawei:
          authorization-uri: https://oauth-login.cloud.huawei.com/oauth2/v3/authorize
          token-uri: https://oauth-login.cloud.huawei.com/oauth2/v3/token
          user-info-uri: https://oauth-login.cloud.huawei.com/oauth2/v3/userinfo
          user-name-attribute: login

相同的配置可以很好地与大量不同的OAuth Provider配合使用,我看到Spring向华为OAuth Provider发送了正确的请求:

20:27:23.497 [parallel-5] DEBUG o.s.s.w.s.DefaultServerRedirectStrategy - Redirecting to 'https://oauth-login.cloud.huawei.com/oauth2/v3/authorize?response_type=code&client_id=<MY ID HERE>&scope=openid&state=<...>&redirect_uri=http://localhost:8080/login/oauth2/code/huawei&nonce=<...>'

但是Spring收到了一个错误的响应:

[{sub_error=20001, error_description=missing required parameter: client_id, error=1102}]

Short answer is here用于自定义OAuth客户端,并且与x-www-form-urlencoded中预期的clientId相关,但问题仍然存在:如何更改我的Spring Security配置以使其工作?

lymnna71

lymnna711#

  • Spring Security configuration* 在provider级别上具有属性user-info-authentication-method。它配置了一种将clientIdclientSecret传递到OAuth2 Server的方法。user-info-authentication-method具有以下值:
  • header(默认值)
  • 形式
  • 查询

所以华为OAuth2需要使用form

相关问题