Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-05-30 16:52:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update ref doc for oauth2-client

Browse Source
This commit is contained in:
Joe Grandja 2019-09-13 19:22:19 -04:00
parent b55b2914c2
commit 1c257afa79
1 changed files with 45 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

71
docs/manual/src/docs/asciidoc/_includes/servlet/preface/oauth2-client.adoc
View File

@ -179,8 +179,8 @@ public class OAuth2ClientController {
@RequestMapping("/") @RequestMapping("/")
public String index() { public String index() {
ClientRegistration googleRegistration = ClientRegistration oktaRegistration =
this.clientRegistrationRepository.findByRegistrationId("google"); this.clientRegistrationRepository.findByRegistrationId("okta");
... ...
@ -207,38 +207,34 @@ Whereas, the primary role of `OAuth2AuthorizedClientService` is to manage `OAuth
From a developer perspective, the `OAuth2AuthorizedClientRepository` or `OAuth2AuthorizedClientService` provides the capability to lookup an `OAuth2AccessToken` associated with a client so that it may be used to initiate a protected resource request. From a developer perspective, the `OAuth2AuthorizedClientRepository` or `OAuth2AuthorizedClientService` provides the capability to lookup an `OAuth2AccessToken` associated with a client so that it may be used to initiate a protected resource request.
[NOTE]
Spring Boot 2.x auto-configuration registers an `OAuth2AuthorizedClientRepository` and/or `OAuth2AuthorizedClientService` `@Bean` in the `ApplicationContext`.
However, the application may choose to override and register a custom `OAuth2AuthorizedClientRepository` or `OAuth2AuthorizedClientService` `@Bean`.
The following listing shows an example: The following listing shows an example:
[source,java] [source,java]
---- ----
@Controller @Controller
public class OAuth2LoginController { public class OAuth2ClientController {
@Autowired @Autowired
private OAuth2AuthorizedClientService authorizedClientService; private OAuth2AuthorizedClientService authorizedClientService;
@RequestMapping("/userinfo") @RequestMapping("/")
public String userinfo(OAuth2AuthenticationToken authentication) { public String index(Authentication authentication) {
// authentication.getAuthorizedClientRegistrationId() returns the OAuth2AuthorizedClient authorizedClient =
// registrationId of the Client that was authorized during the oauth2Login() flow this.authorizedClientService.loadAuthorizedClient("okta", authentication.getName());
OAuth2AuthorizedClient authorizedClient =
this.authorizedClientService.loadAuthorizedClient(
authentication.getAuthorizedClientRegistrationId(),
authentication.getName());
OAuth2AccessToken accessToken = authorizedClient.getAccessToken(); OAuth2AccessToken accessToken = authorizedClient.getAccessToken();
... ...
return "userinfo"; return "index";
} }
} }
---- ----
[NOTE]
Spring Boot 2.x auto-configuration registers an `OAuth2AuthorizedClientRepository` and/or `OAuth2AuthorizedClientService` `@Bean` in the `ApplicationContext`.
However, the application may choose to override and register a custom `OAuth2AuthorizedClientRepository` or `OAuth2AuthorizedClientService` `@Bean`.
[[oauth2Client-authorized-manager-provider]] [[oauth2Client-authorized-manager-provider]]
==== OAuth2AuthorizedClientManager / OAuth2AuthorizedClientProvider ==== OAuth2AuthorizedClientManager / OAuth2AuthorizedClientProvider
@ -311,6 +307,29 @@ The `OAuth2AuthorizationRequestRedirectFilter` uses an `OAuth2AuthorizationReque
The primary role of the `OAuth2AuthorizationRequestResolver` is to resolve an `OAuth2AuthorizationRequest` from the provided web request. The primary role of the `OAuth2AuthorizationRequestResolver` is to resolve an `OAuth2AuthorizationRequest` from the provided web request.
The default implementation `DefaultOAuth2AuthorizationRequestResolver` matches on the (default) path `/oauth2/authorization/{registrationId}` extracting the `registrationId` and using it to build the `OAuth2AuthorizationRequest` for the associated `ClientRegistration`. The default implementation `DefaultOAuth2AuthorizationRequestResolver` matches on the (default) path `/oauth2/authorization/{registrationId}` extracting the `registrationId` and using it to build the `OAuth2AuthorizationRequest` for the associated `ClientRegistration`.
Given the following Spring Boot 2.x properties for an OAuth 2.0 Client registration:
[source,yaml]
----
spring:
security:
oauth2:
client:
registration:
okta:
client-id: okta-client-id
client-secret: okta-client-secret
authorization-grant-type: authorization_code
redirect-uri: "{baseUrl}/authorized/okta"
scope: read, write
----
A request with the base path `/oauth2/authorization/okta` will initiate the Authorization Request redirect by the `OAuth2AuthorizationRequestRedirectFilter` and ultimately start the Authorization Code grant flow.
[NOTE]
The `AuthorizationCodeOAuth2AuthorizedClientProvider` is an implementation of `OAuth2AuthorizedClientProvider` for the Authorization Code grant,
which also initiates the Authorization Request redirect by the `OAuth2AuthorizationRequestRedirectFilter`.
===== Customizing the Authorization Request ===== Customizing the Authorization Request
@ -471,7 +490,7 @@ Please refer to the https://tools.ietf.org/html/rfc6749#section-4.1.3[Access Tok
The primary role of the `OAuth2AccessTokenResponseClient` is to exchange an authorization grant credential for an access token credential at the Authorization Server's Token Endpoint. The primary role of the `OAuth2AccessTokenResponseClient` is to exchange an authorization grant credential for an access token credential at the Authorization Server's Token Endpoint.
The default implementation of `OAuth2AccessTokenResponseClient` for the `authorization_code` grant is `DefaultAuthorizationCodeTokenResponseClient`, which uses a `RestOperations` for exchanging an authorization code for an access token at the Token Endpoint. The default implementation of `OAuth2AccessTokenResponseClient` for the Authorization Code grant is `DefaultAuthorizationCodeTokenResponseClient`, which uses a `RestOperations` for exchanging an authorization code for an access token at the Token Endpoint.
The `DefaultAuthorizationCodeTokenResponseClient` is quite flexible as it allows you to customize the pre-processing of the Token Request and/or post-handling of the Token Response. The `DefaultAuthorizationCodeTokenResponseClient` is quite flexible as it allows you to customize the pre-processing of the Token Request and/or post-handling of the Token Response.
@ -543,15 +562,15 @@ This is a convenient alternative compared to looking up the `OAuth2AuthorizedCli
[source,java] [source,java]
---- ----
@Controller @Controller
public class OAuth2LoginController { public class OAuth2ClientController {
@RequestMapping("/userinfo") @RequestMapping("/")
public String userinfo(@RegisteredOAuth2AuthorizedClient("google") OAuth2AuthorizedClient authorizedClient) { public String index(@RegisteredOAuth2AuthorizedClient("okta") OAuth2AuthorizedClient authorizedClient) {
OAuth2AccessToken accessToken = authorizedClient.getAccessToken(); OAuth2AccessToken accessToken = authorizedClient.getAccessToken();
... ...
return "userinfo"; return "index";
} }
} }
---- ----