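My question is a bit unusual: I am trying to create a custom @RestController that starts an OAuth2 login process with a different scope each time for my application.
More specifically, I have a sample configuration like this: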
spring:
  security:
    oauth2:
      client:
        registration:
          my-client:
            clientId: client1
            clientSecret: some-password
            # Basically the property `scope` is not provided here, but in the controller
        provider:
          my-client:
            authorizationUri: https://somehost.com/oauth
            userInfoUri: https://somehost.com/data
            tokenUri: https://somehost.com/oauth/token
            redirectUri: https://somehost.com/oauth
            authorizationGrantType: authorization_code
            clientAuthenticationMethod: client_secret_post
What I want to create is an API endpoint that acts as a proxy endpoint and sends the user to the login page based on the provided scope.
@GetMapping(path="/redirect-to-login")
public ResponseEntity<?> proxyLogin(@RequestParam("scope") final String scope) {
    log.info("Received scope: {}", scope);
    // TODO: What needs to happen here, is that I need to generate a new login here
    // TODO: for the requested OAuth2 Client scope and redirect the user to the login page of
    // TODO: the provider with the scope.
}
I tried to retrieve all client registrations from the OAuth2ClientRegistrationRepository and tried to extend it to provide the scope, but I could not figure it out.
1 answer
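You can define a registration for each "login profile" you need:
The front end then starts the authorization_code flow by redirecting to the right URI: /oauth2/authorization/{registration-id} (set a path value, rather than the value of the request parameter you called scope).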
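An added configuration example, not part of the original answer, showing one registration per login profile with all of them sharing the provider from the question. The registration ids, scope values, `MY_CLIENT_SECRET` variable and `user-name-attribute` value are assumptions made for illustration.

```yaml
# Added example: each "login profile" is its own registration with a fixed scope set.
# Registration ids and scope values below are hypothetical.
spring:
  security:
    oauth2:
      client:
        registration:
          my-client-basic:                      # hypothetical id
            provider: my-client
            client-id: client1
            client-secret: ${MY_CLIENT_SECRET}  # assumed env var, keeps the secret out of the file
            authorization-grant-type: authorization_code
            client-authentication-method: client_secret_post
            redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"
            scope:
              - profile                         # hypothetical scope
          my-client-orders:                     # hypothetical id
            provider: my-client
            client-id: client1
            client-secret: ${MY_CLIENT_SECRET}
            authorization-grant-type: authorization_code
            client-authentication-method: client_secret_post
            redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"
            scope:
              - profile
              - orders.read                     # hypothetical scope
        provider:
          my-client:
            authorization-uri: https://somehost.com/oauth
            token-uri: https://somehost.com/oauth/token
            user-info-uri: https://somehost.com/data
            user-name-attribute: id             # assumption: depends on the provider's user-info response
```

With this layout the login links are /oauth2/authorization/my-client-basic and /oauth2/authorization/my-client-orders, so the scopes of each flow are fixed in server-side configuration rather than taken from a request parameter. Each resolved redirect URI has to be registered with the provider.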