我在Java 11中具有Spring Security和google oauth登录的工作代码
@GetMapping("/google/integration")
public String googleIntegracionUsuario(@RegisteredOAuth2AuthorizedClient("google") OAuth2AuthorizedClient user, HttpServletRequest request, HttpServletResponse response) {
System.out.println("\n\n RefreshToken: " + user.getRefreshToken().getTokenValue());
System.out.println("\n\n AccessToken: " + user.getAccessToken().getTokenValue());
return "hello user";
}
在@Configuration中
@Override
public void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity
.cors().and().csrf().disable()
.authorizeRequests()
.antMatchers("/google/integration").authenticated()
.anyRequest().permitAll()
.and()
.oauth2Login()
.authorizationEndpoint()
.authorizationRequestResolver(new CustomAuthorizationRequestResolver(
this.clientRegistrationRepository));
}
在CustomAuthorizationRequestResolver中
public class CustomAuthorizationRequestResolver implements OAuth2AuthorizationRequestResolver {
private final OAuth2AuthorizationRequestResolver defaultAuthorizationRequestResolver;
public CustomAuthorizationRequestResolver(
ClientRegistrationRepository clientRegistrationRepository) {
this.defaultAuthorizationRequestResolver =
new DefaultOAuth2AuthorizationRequestResolver(
clientRegistrationRepository, "/oauth2/authorization");
}
@Override
public OAuth2AuthorizationRequest resolve(HttpServletRequest request) {
final OAuth2AuthorizationRequest authorizationRequest = this.defaultAuthorizationRequestResolver.resolve(request);
return authorizationRequest != null ? customAuthorizationRequest(authorizationRequest) : null;
}
@Override
public OAuth2AuthorizationRequest resolve(HttpServletRequest request, String clientRegistrationId) {
final OAuth2AuthorizationRequest authorizationRequest = this.defaultAuthorizationRequestResolver.resolve(request, clientRegistrationId);
return authorizationRequest != null ? customAuthorizationRequest(authorizationRequest) : null;
}
private OAuth2AuthorizationRequest customAuthorizationRequest(OAuth2AuthorizationRequest authorizationRequest) {
Map<String, Object> additionalParameters = new LinkedHashMap<>(authorizationRequest.getAdditionalParameters());
additionalParameters.put("access_type", "offline");
return OAuth2AuthorizationRequest.from(authorizationRequest)
.additionalParameters(additionalParameters)
.build();
}
}
并在.properties中
spring.security.oauth2.client.registration.google.client-id=clientIdValue
spring.security.oauth2.client.registration.google.client-secret=clientSecret
spring.security.oauth2.client.registration.google.scope=https://www.googleapis.com/auth/calendar,email,https://www.googleapis.com/auth/contacts.readonly
问题在于,在localhost上进行测试时,一切运行顺利,但是将项目上载到远程服务器时,刷新令牌为NULL!
我没有远程服务器的域,但是我已经编辑了/ etc / hosts为远程服务器的公共IP提供别名,并且我将该别名添加到了Google控制台开发人员的url重定向中
在远程服务器中,登录正常工作,并且用户实际上使用他/她的Google帐户登录,实际上我可以在远程服务器中获得该用户的有效accessToken,但是找不到刷新令牌,该值只是作为空!
System.out.println("\n\n AccessToken: " + uuser.getAccessToken().getTokenValue());
//prints: AccessToken: 'AccessToken value' in localhost and remoteServer
System.out.println("\n\n AccessToken: " + user.getRefreshToken().getTokenValue());
//prints: RefreshToken: 'RefreshToken value' in localhost
//Throws NullPointerException in remoteServer
最佳答案
我发现远程服务器中的刷新令牌仅在用户首次登录时才获取值,这是oauth2框架的预期行为。
但是我不知道为什么每次在本地主机中每次都始终获取刷新令牌,这就是让我感到困惑的原因,我想是因为它没有绑定到特定的URL