# oauth2-client-credentials

**Repository Path**: webdevelop/oauth2-client-credentials

## Basic Information

- **Project Name**: oauth2-client-credentials
- **Description**: No description available
- **Primary Language**: Unknown
- **License**: Not specified
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2018-11-27
- **Last Updated**: 2020-12-18

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

### Requesting the resource without a token

```bash
curl -i -H "Accept: application/json" -X GET http://localhost:8080/api/test
```

Response:

```http
HTTP/1.1 401
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Cache-Control: no-store
Pragma: no-cache
WWW-Authenticate: Bearer realm="oauth2-resource", error="unauthorized", error_description="An Authentication object was not found in the SecurityContext"
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Tue, 27 Nov 2018 05:48:35 GMT

{"error":"unauthorized","error_description":"An Authentication object was not found in the SecurityContext"}
```

### Requesting authorization with client_credentials

```bash
curl -H "Accept: application/json" demoApp:demoAppSecret@localhost:8080/oauth/token -d grant_type=client_credentials
```

or

```bash
curl -H "Accept: application/json" http://localhost:8080/oauth/token -d "grant_type=client_credentials&client_id=demoApp&client_secret=demoAppSecret"
```

Response:

```json
{"access_token":"19094f99-1345-4c88-9318-05a9e5a0f4ad","token_type":"bearer","expires_in":7199,"scope":"all"}
```

### Requesting the resource with a token

```bash
curl -i -H "Accept: application/json" -H "Authorization: Bearer 19094f99-1345-4c88-9318-05a9e5a0f4ad" -X GET http://localhost:8080/api/test
```

or

```bash
curl -i -X GET "http://localhost:8080/api/test?access_token=19094f99-1345-4c88-9318-05a9e5a0f4ad"
```

> Exposing the token in the URL like this is not very secure, though.

Response:

```http
HTTP/1.1 200
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Tue, 27 Nov 2018 05:53:55 GMT

{"authorities":[],"details":{"remoteAddress":"0:0:0:0:0:0:0:1","sessionId":null,"tokenValue":"19094f99-1345-4c88-9318-05a9e5a0f4ad","tokenType":"Bearer","decodedDetails":null},"authenticated":true,"userAuthentication":null,"oauth2Request":{"clientId":"demoApp","scope":["all"],"requestParameters":{"grant_type":"client_credentials","client_id":"demoApp"},"resourceIds":["oauth2-resource"],"authorities":[],"approved":true,"refresh":false,"redirectUri":null,"responseTypes":[],"extensions":{},"grantType":"client_credentials","refreshTokenRequest":null},"clientOnly":true,"principal":"demoApp","credentials":"","name":"demoApp"}
```

### check token

```bash
curl -i -X POST -H "Accept: application/json" -u "demoApp:demoAppSecret" "http://localhost:8080/oauth/check_token?token=19094f99-1345-4c88-9318-05a9e5a0f4ad"
```

Response:

```http
HTTP/1.1 200
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Tue, 27 Nov 2018 05:56:23 GMT

{"aud":["oauth2-resource"],"scope":["all"],"exp":1543305079,"client_id":"demoApp"}
```

#### Notes:

1. The appId/secret are hard-coded in the `OAuth2ServerConfig` class; you can change this to make them configurable, or read them from a database.
2. Tokens are stored in server memory and are lost on restart; if you need persistence, use a TokenStore (JdbcTokenStore, RedisTokenStore, etc.).
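As an added example (not part of this repository), a small Python client for the flow above: it obtains a client_credentials token using HTTP Basic client authentication (the same thing curl does with `demoApp:demoAppSecret@...`), caches it until shortly before `expires_in` runs out, and sends it only in the `Authorization` header, never in the query string. The URLs and demo credentials come from the README; the `send` transport hook and the `skew` value are assumptions added for testing and tuning.

```python
import base64, json, time
from urllib import parse, request

TOKEN_URL = "http://localhost:8080/oauth/token"  # from the README
RESOURCE_URL = "http://localhost:8080/api/test"  # from the README


class ClientCredentialsClient:
    """client_credentials flow: Basic client auth, cached bearer token, header-only use."""

    def __init__(self, client_id, client_secret, send=None, clock=time.time):
        self.client_id = client_id
        self.client_secret = client_secret
        # send(method, url, headers, body) -> (status, text); injectable for offline tests
        self.send = send or self._urllib_send
        self.clock = clock
        self._token = None
        self._expires_at = 0.0

    @staticmethod
    def _urllib_send(method, url, headers, body):
        req = request.Request(url, data=body, headers=headers, method=method)
        with request.urlopen(req, timeout=5) as resp:
            return resp.status, resp.read().decode("utf-8")

    def _basic_auth(self):
        # Same credentials curl derives from demoApp:demoAppSecret@host
        raw = f"{self.client_id}:{self.client_secret}".encode("utf-8")
        return "Basic " + base64.b64encode(raw).decode("ascii")

    def token(self, skew=30):
        """Return the cached token, refreshing it `skew` seconds before expiry."""
        if self._token and self.clock() < self._expires_at - skew:
            return self._token
        headers = {"Authorization": self._basic_auth(), "Accept": "application/json",
                   "Content-Type": "application/x-www-form-urlencoded"}
        body = parse.urlencode({"grant_type": "client_credentials"}).encode("ascii")
        status, text = self.send("POST", TOKEN_URL, headers, body)
        if status != 200:
            raise RuntimeError(f"token endpoint returned {status}: {text}")
        data = json.loads(text)
        if data.get("token_type", "").lower() != "bearer":
            raise RuntimeError(f"unexpected token_type {data.get('token_type')!r}")
        self._token = data["access_token"]
        self._expires_at = self.clock() + int(data["expires_in"])
        return self._token

    def get(self, url=RESOURCE_URL):
        # Bearer token goes in the header, so it never lands in URL logs or referers
        headers = {"Authorization": f"Bearer {self.token()}", "Accept": "application/json"}
        return self.send("GET", url, headers, None)
```

Against a running instance of the demo, `ClientCredentialsClient("demoApp", "demoAppSecret").get()` returns the same 200 response shown above.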