Java使用客户端凭据授权获取访问令牌并存储令牌

huangapple go评论96阅读模式
英文:

Java Get access token using Client Credentials grant and store the token

问题

我在这里有点迷茫,需要一些直接的指导。我对Java还很陌生,这是我尝试编写的第一个程序,显然已经挣扎了一个月左右。

目前,我们使用Postman来输入客户端ID/密钥,以从第三方API获取访问令牌,然后我们可以使用该令牌从第三方的另一个端点请求资源。

我尝试参考多个资源,比如这个Spring Security的示例:
https://github.com/spring-projects/spring-security/blob/master/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.java

以及这个Baeldung的示例:
https://www.baeldung.com/spring-webclient-oauth2#5-security-web-filter-chain

还有这个Stack Overflow上的一些资源,但是当我尝试为自己重新创建这些示例时,它们不起作用,我失败了,实际上有点放弃了...

在Application.yml文件中,这是我的配置:


spring:
security:
oauth2:
client:
authorization-grant-type: client_credentials
client-id:
client-secret:
token-uri: "在这里输入URL"

请问有人可以指导我如何创建Java/Spring代码来获取这个令牌吗?凭据将需要放在HTTP请求的标头中。

英文:

I am bit lost here and need some direct please. I am new to Java and this is the first program that i am trying to write and obviously struggling with it for a month or so.
So currently we use postman to input client ID/secret to get access token from a 3rd party API, using which we can request resources from another end point of this 3rd party.
I am trying reference multiple resources like this spring security example
https://github.com/spring-projects/spring-security/blob/master/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.java

https://www.baeldung.com/spring-webclient-oauth2#5-security-web-filter-chain

https://mkyong.com/java/how-to-send-http-request-getpost-in-java/

and few more in stackoverflow as well.. but when i try and recreate those examples for me, it doesn't work and i am failing and kind off gave up actually...

in the Application.yml file, this is the configuration that i have.


spring:
security:
oauth2:
client:
authorization-grant-type: client_credentials
client-id:
client-secret:
token-uri: "url here"

Please can someone give me some directions on how i can create a Java/spring code to get this token. the credentials will have to go in the header of http request.

答案1

得分: 2

我会推荐使用Connect2ID库,因为它们有非常完善的文档,由专家实现,并且对开发者友好:

如果你在使用Intellij,只需在你的maven pom.xml文件中引用类似以下的库,maven会为你下载这个库:

<dependency>
  <groupId>com.nimbusds</groupId>
  <artifactId>oauth2-oidc-sdk</artifactId>
  <version>8.4</version>
</dependency>

在这个流程中,通常会按照以下方式管理令牌存储:

  • 只需将访问令牌存储在内存中
  • 最终访问令牌将会过期,你将会收到401响应
  • 当发生这种情况时,只需重新进行身份验证以获取新的令牌...
  • ...然后使用新的访问令牌重试API调用。
英文:

I'd recommend the Connect2ID libraries, since they are very well documented, implemented by experts and developer friendly:

If you're using Intellij you just need to reference libraries like this in your maven pom.xml file and maven will download the library for you:

&lt;dependency&gt;
  &lt;groupId&gt;com.nimbusds&lt;/groupId&gt;
  &lt;artifactId&gt;oauth2-oidc-sdk&lt;/artifactId&gt;
  &lt;version&gt;8.4&lt;/version&gt;
&lt;/dependency&gt;

It is usual to manage token storage as follows in this flow:

  • Just store the access token in memory
  • Eventually the access token will expire and you will get a 401 response
  • When this happens, just authenticate again to get a new token ...
  • ... and retry the API call with the new access token

huangapple
  • 本文由 发表于 2020年6月29日 01:30:26
  • 转载请务必保留本文链接:https://go.coder-hub.com/62626004.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定