【Question title】: WebClient OAuth2 - Token type must be Bearer error
【Posted】: 2022-01-23 19:27:43
【Question description】:

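I am implementing a WebClient with OAuth2 authorization using Java 11 and Spring Boot. The authorization service responds with 200 and a token, but then the following error is shown: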
"[invalid_token_response] An error occurred parsing the Access Token response: Token type must be Bearer"

My WebClient configuration:

    @Bean
    public ReactiveClientRegistrationRepository clientRegistrations(
            @Value("${spring.security.oauth2.client.provider.apigee.token-uri}") String tokenUri,
            @Value("${spring.security.oauth2.client.registration.apigee.client-id}") String clientId,
            @Value("${spring.security.oauth2.client.registration.apigee.client-secret}") String clientSecret,
            @Value("${spring.security.oauth2.client.registration.apigee.scope}") String scope,
            @Value("${spring.security.oauth2.client.registration.apigee.authorization-grant-type}") String authorizationGrantType) {

        ClientRegistration registration = ClientRegistration
                .withRegistrationId(REGISTRATION_ID)
                .tokenUri(tokenUri)
                .clientId(clientId)
                .clientSecret(clientSecret)
                .scope(scope)
                .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_POST)
                .authorizationGrantType(new AuthorizationGrantType(authorizationGrantType))
                .build();

        return new InMemoryReactiveClientRegistrationRepository(registration);
    }

    @Bean
    public WebClient webClient(ReactiveClientRegistrationRepository clientRegistrations) {
        InMemoryReactiveOAuth2AuthorizedClientService clientService = new InMemoryReactiveOAuth2AuthorizedClientService(clientRegistrations);
        AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager authorizedClientManager = new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(
                clientRegistrations, clientService);
        ServerOAuth2AuthorizedClientExchangeFilterFunction oauth = new ServerOAuth2AuthorizedClientExchangeFilterFunction(authorizedClientManager);
        oauth.setDefaultClientRegistrationId(REGISTRATION_ID);
        return WebClient.builder()
                .filter(oauth)
                .build();
    }

And the properties:

    spring.security.oauth2.client.registration.apigee.client-id=client-id
    spring.security.oauth2.client.registration.apigee.client-secret=client-secret
    spring.security.oauth2.client.registration.apigee.authorization-grant-type=client_credentials
    spring.security.oauth2.client.registration.apigee.client-authentication-method=client_secret_post
    spring.security.oauth2.client.registration.apigee.scope=write,read
    spring.security.oauth2.client.provider.apigee.token-uri=https://host/v1/authorization

【Question discussion】:

    Tags: java oauth-2.0 webclient spring-security-oauth2 spring-webclient


    【Solution 1】:
    spring.security.oauth2.client.provider.apigee.token-uri=https://host/v1/authorization
    

    This seems to be the problem here. The token-uri should be as follows:

    https://hostname:port/oauth2/v2.0/token
    

    For example: if the IDP is Azure AD, the URI is as follows:

    https://login.microsoftonline.com/<Client URI>/oauth2/v2.0/token
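
The error text in the question refers to the `token_type` field of the JSON body returned by the token-uri, so checking that body directly shows whether the endpoint returns an RFC 6749 section 5.1 token response. The following is an added example, not code from the question or the answer; the class name `TokenResponseCheck`, the method `problems` and the sample bodies are hypothetical, and it assumes Jackson is on the classpath (as it is in a default Spring Boot project).

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.util.ArrayList;
import java.util.List;

// Added example (not from the original post). Assumes Jackson is on the classpath.
public class TokenResponseCheck {
    private static final ObjectMapper MAPPER = new ObjectMapper();

    // Returns the problems found in a token endpoint response body; empty means it passed.
    static List<String> problems(String body) {
        List<String> out = new ArrayList<>();
        JsonNode json;
        try {
            json = MAPPER.readTree(body);
        } catch (Exception e) {
            out.add("body is not JSON (wrong endpoint or an error page?)");
            return out;
        }
        if (json == null || !json.isObject()) {
            out.add("body is not a JSON object");
            return out;
        }
        JsonNode token = json.get("access_token");
        if (token == null || !token.isTextual() || token.asText().isEmpty()) {
            out.add("access_token is missing or empty");
        }
        JsonNode type = json.get("token_type");
        if (type == null || !type.isTextual()) {
            out.add("token_type is missing");
        } else if (!"Bearer".equalsIgnoreCase(type.asText())) {
            // RFC 6749 section 5.1: the token_type value is case insensitive.
            out.add("token_type is \"" + type.asText() + "\", expected Bearer");
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample bodies, not captured from any real server.
        String[] samples = {
            "{\"access_token\":\"abc\",\"token_type\":\"bearer\",\"expires_in\":3599}",
            "{\"access_token\":\"abc\",\"token_type\":\"BearerToken\"}",
            "{\"access_token\":\"abc\"}",
            "<html><body>Sign in</body></html>"
        };
        for (String s : samples) {
            System.out.println(problems(s) + " <- " + s);
        }
    }
}
```

Pass the body returned by the configured token-uri to `problems`, with the client secret and token value redacted from anything that gets logged or shared.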
    
