Oauth2 token with non-standard prefix for scopes
Question
The 3rd party OAuth2 resources server that I am required to use returns the scopes in the JWT token with a prefix of scp, as in "scp": "read_notifications.v1". When Spring Security parses the JWT it returns an empty set of scopes.

Does anyone know of a way to customize the parsing of the token to include scp as an alias for scope?
Answer 1
Score: 1
Yes, I know ways to customize the parsing of tokens.
With Spring Boot Starters of mine
Sample for a reactive OAuth2 client

    <dependency>
        <groupId>com.c4-soft.springaddons</groupId>
        <artifactId>spring-addons-webflux-jwt-client</artifactId>
        <version>6.1.11</version>
    </dependency>
    <dependency>
        <groupId>com.c4-soft.springaddons</groupId>
        <artifactId>spring-addons-webflux-jwt-test</artifactId>
        <version>6.1.11</version>
        <scope>test</scope>
    </dependency>

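    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;

    // Intentionally empty: the starter auto-configures security from the properties below.
    @Configuration
    @EnableReactiveMethodSecurity
    public class OAuth2SecurityConfig {
    }
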
    scheme: http
    gateway-uri: ${scheme}://localhost:${server.port}
    origins: ${scheme}://localhost:4200
    issuer: https://oidc.c4-soft.com/auth/realms/spring-addons
    client-id: spring-addons
    client-secret: change-me

    server:
      port: 8888
      ssl:
        enabled: false

    spring:
      security:
        oauth2:
          client:
            provider:
              c4-soft:
                issuer-uri: ${issuer}
            registration:
              c4-soft-authorization-code:
                authorization-grant-type: authorization_code
                client-id: ${client-id}
                client-secret: ${client-secret}
                provider: c4-soft
                scope: openid,profile,email,offline_access,roles

    com:
      c4-soft:
        springaddons:
          security:
            issuers:
            - location: ${issuer}
              authorities:
              - path: $.scp
            client:
              client-uri: ${gateway-uri}
              security-matchers: /**
              permit-all:
              - /login/**
              - /oauth2/**
              - /
              - /v3/api-docs/**
              - /actuator/health/readiness
              - /actuator/health/liveness
              - /.well-known/acme-challenge/**
              csrf: cookie-accessible-from-js
              back-channel-logout-enabled: true
    ---
    scheme: https

    server:
      ssl:
        enabled: true

    spring:
      config:
        activate:
          on-profile: ssl

With com.c4-soft.springaddons.security.issuers[].authorities[] properties, you can configure an auto-wired authorities converter. Here, I just set scp as source for Spring Authorities, but you can also define a prefix (something like ROLE_ or SCOPE_) and force to upper or lower case.
Browse the samples and tutorials for different use cases (servlets, resource servers, ...)
With Spring Boot "official" starters
The manual answers your question for:
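
Added example, not part of the original answer and not spring-addons code: a plain Spring Security converter that derives authorities from the scp claim only, accepting both the space-delimited string form and the array form, and granting nothing when the claim is missing or has an unexpected type. It assumes spring-security-oauth2-resource-server on the classpath and Java 17; the class name ScpAuthoritiesConverter and the SCOPE_ prefix are choices made for this example.

```java
import java.util.Collection;
import java.util.stream.Stream;

import org.springframework.core.convert.converter.Converter;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;

/** Maps the "scp" claim (space-delimited string or JSON array) to authorities. */
public class ScpAuthoritiesConverter implements Converter<Jwt, Collection<GrantedAuthority>> {

    private final String prefix; // assumption: prefix chosen by the application, e.g. "SCOPE_"

    public ScpAuthoritiesConverter(String prefix) { this.prefix = prefix; }

    @Override
    public Collection<GrantedAuthority> convert(Jwt jwt) {
        Object scp = jwt.getClaims().get("scp");
        Stream<String> scopes;
        if (scp instanceof String s) {
            scopes = Stream.of(s.trim().split("\\s+"));
        } else if (scp instanceof Collection<?> c) {
            scopes = c.stream().filter(String.class::isInstance).map(String.class::cast);
        } else {
            // Missing claim or unexpected type: grant nothing rather than guess.
            scopes = Stream.empty();
        }
        return scopes.filter(v -> !v.isBlank())
                .<GrantedAuthority>map(v -> new SimpleGrantedAuthority(prefix + v))
                .toList();
    }

    /** Register the result with jwtAuthenticationConverter(...) in the resource-server DSL. */
    public static JwtAuthenticationConverter authenticationConverter() {
        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        converter.setJwtGrantedAuthoritiesConverter(new ScpAuthoritiesConverter("SCOPE_"));
        return converter;
    }

    public static void main(String[] args) {
        // Constructed token: only the claims matter here, nothing is signed or verified.
        Jwt jwt = Jwt.withTokenValue("constructed").header("alg", "none")
                .claim("scp", "read_notifications.v1").build();
        System.out.println(new ScpAuthoritiesConverter("SCOPE_").convert(jwt));
    }
}
```

In a reactive application the same converter can be wrapped with ReactiveJwtAuthenticationConverterAdapter. Method-security expressions then have to use the prefixed name, since the authority string is the prefix plus the scope value.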