春季安全 OAuth2 自定义成功用户

huangapple go评论67阅读模式
英文:

Spring Security OAuth2 custom success user

问题

我想要添加使用 Azure AD 的 OAuth 授权。我使用这个指南进行设置。问题在于,我只想将 Azure AD 用作信任提供者(例如,用户属于特定组,也称为目录),但我不想使用 OidcUser 作为 Spring Security 用户。

我希望的过程是:将用户重定向到 Microsoft 登录页面,接收包含所有令牌的用户信息,然后在我的服务器端处理请求,并根据来自 Microsoft 的电子邮件授权我的自定义 Spring Security UserDetails 实现。

英文:

I want to add OAuth authorization wuth Azure AD. I use this guide to setup this. The problem is that I want to use Azure AD only as a Trust Provider(like user belong to specific group aka directory), but I don't want to work with OidcUser Spring Security User.

Process that I would like to have: redirect user to Microsoft login page, receive user info with all tokens, handle request on my server side and authoriza my custom implementation of Spring Security UserDetails based on email from Microsoft

答案1

得分: 1

如果您的情景是要完全消除用户身份验证,并且希望服务器直接进行身份验证,那么可以使用客户端凭证流程来实现。

根据您在第二段提到的涉及用户的过程,可以使用授权码流程来实现。

此外,有关代码示例和实施,请参阅Microsoft Github 文档

英文:

If your scenario is to eliminate the user authentication completely and your server to directly authenticate then it is possible with client credential flow.

Based on the process you have mentioned in the second paragraph which involves user it is possible with authentication code flow.

Also, for code sample and implementation please refer Microsoft Github Document.

huangapple
  • 本文由 发表于 2020年10月9日 20:13:37
  • 转载请务必保留本文链接:https://go.coder-hub.com/64279836.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定