OAuth 2.0: OpenID Connect authentication requests are restricted

y4ekin9u posted on 2023-10-15 in Other

I ran into a problem while configuring OAuth2 login for the application https://github.com/Cruelkid/guitar-cloud/tree/develop

2023-04-02T11:52:28.856+03:00 DEBUG 3866 --- [nio-9000-exec-2] org.apache.tomcat.util.http.Parameters   : Start processing with input [response_type=code&client_id=guitar-cloud-client&scope=openid&state=P3j3mwpUvm1UR_tVYjWelCDGauVZxf4ZOOcUyFVSc00%3D&redirect_uri=http://127.0.0.1:8080/login/oauth2/code/guitar-cloud-client-oidc&nonce=D-qBrlre2P-il99B1HW8ejFWfMR1fQHB2QG7WRHydNc]
2023-04-02T11:52:28.857+03:00 DEBUG 3866 --- [nio-9000-exec-2] .s.a.DefaultAuthenticationEventPublisher : No event was found for the exception org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeRequestAuthenticationException
2023-04-02T11:52:28.857+03:00 DEBUG 3866 --- [nio-9000-exec-2] o.s.s.web.DefaultRedirectStrategy        : Redirecting to `http://127.0.0.1:8080/login/oauth2/code/guitar-cloud-client-oidc?error=invalid_scope&error_description=OpenID%20Connect%201.0%20authentication%20requests%20are%20restricted.&error_uri=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Frfc6749%23section-4.1.2.1&state=P3j3mwpUvm1UR_tVYjWelCDGauVZxf4ZOOcUyFVSc00%3D`

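Before ending up with code like this, I faced a similar issue, but with the authentication server. I found out that it was related to OIDC 1.0 being disabled by default, and adding this code fixed that error: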

http.getConfigurer(OAuth2AuthorizationServerConfigurer.class)
                .oidc(Customizer.withDefaults());

Unfortunately, for the API client I have not yet found a way to do something similar.

igetnqfo 1#

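import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.http.MediaType;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher;

@Configuration(proxyBeanMethods = false)
public class MyAuthorizationServerConfig {
    @Bean
    @Order(Ordered.HIGHEST_PRECEDENCE)
    public SecurityFilterChain authorizationServerSecurityFilterChain(
            HttpSecurity http, RegisteredClientRepository registeredClientRepository,
            AuthorizationServerSettings authorizationServerSettings) throws Exception {

        // Register the authorization server endpoints with their default security.
        OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);

        http
                // Send unauthenticated browser (text/html) requests to the login page.
                .exceptionHandling((exceptions) -> exceptions
                        .defaultAuthenticationEntryPointFor(
                                new LoginUrlAuthenticationEntryPoint("/login"),
                                new MediaTypeRequestMatcher(MediaType.TEXT_HTML)
                        )
                )
                // Accept JWT access tokens on the server's own protected endpoints.
                .oauth2ResourceServer(oauth2ResourceServer ->
                        oauth2ResourceServer.jwt(Customizer.withDefaults()));

        // Enable OpenID Connect 1.0 so that requests with scope=openid are accepted.
        http.getConfigurer(OAuth2AuthorizationServerConfigurer.class)
                .oidc(Customizer.withDefaults());

        return http.build();
    }
}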
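
To confirm from the authorization server's debug log that a failed login is this case, the following added example (not part of the original question or answer) pairs each logged authorization request with the error redirect that carries the same `state`, and flags a request whose `scope` includes `openid` and is answered with `invalid_scope`. The log lines are constructed samples modelled on the ones in the question; the function and field names are this example's own.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample log, modelled on the lines in the question (values shortened).
SAMPLE_LOG = (
    "DEBUG o.a.tomcat.util.http.Parameters : Start processing with input "
    "[response_type=code&client_id=demo-client&scope=openid&state=abc123%3D"
    "&redirect_uri=http://127.0.0.1:8080/login/oauth2/code/demo-client-oidc&nonce=n1]\n"
    "DEBUG o.s.s.web.DefaultRedirectStrategy : Redirecting to "
    "`http://127.0.0.1:8080/login/oauth2/code/demo-client-oidc?error=invalid_scope"
    "&error_description=OpenID%20Connect%201.0%20authentication%20requests%20are%20restricted.&state=abc123%3D`\n"
)

REQUEST_RE = re.compile(r"Start processing with input \[([^\]]*)\]")
REDIRECT_RE = re.compile(r"Redirecting to `?([^`\s]+)")


def first(params, key):
    """Return the first value of a parsed query parameter, or None."""
    return (params or {}).get(key, [None])[0]


def diagnose(log_text):
    """Pair each authorization request with the error redirect sharing its state."""
    pending, findings = {}, []
    for line in log_text.splitlines():
        req = REQUEST_RE.search(line)
        if req:
            params = parse_qs(req.group(1))
            # Only authorization requests carry both response_type and state.
            if first(params, "response_type") and first(params, "state"):
                pending[first(params, "state")] = params
            continue
        red = REDIRECT_RE.search(line)
        reply = parse_qs(urlsplit(red.group(1)).query) if red else {}
        error = first(reply, "error")
        if error is None:
            continue
        request = pending.pop(first(reply, "state"), None)
        scopes = (first(request, "scope") or "").split()
        findings.append({
            "client_id": first(request, "client_id"),
            "error": error,
            "description": first(reply, "error_description"),
            "state_matched": request is not None,
            # scope=openid answered with invalid_scope is the symptom in the question.
            "oidc_rejected": error == "invalid_scope" and "openid" in scopes,
        })
    return findings
```

Calling `diagnose(SAMPLE_LOG)` returns one finding per error redirect; `state_matched` is false when no logged request carried the same `state`.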
