
Example of an OAuth2.0 database JDBC storage client

2025-01-16 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Internet Technology >


Shulou(Shulou.com)06/02 Report--

This article explains in detail an example of storing OAuth 2.0 client information in a database through JDBC. I hope you will have some understanding of the relevant knowledge after reading it.

Automatic approval authorization code

In the previous authorization process, when you get the authorization code in the first step, you go through an authorization approval page:

This is like the page that asks, after a successful third-party login, whether the application may obtain your nickname and avatar. This step can be approved automatically; to do so, add automatic approval to the client configuration:

In this way, when we request the authorization code we get it directly:

Configure it this way when the process needs to complete automatically. If the user should click "agree", set it to false. If it is not written, the default is false.

Client information collation

The automatic approval above is only one small setting in the client configuration. Let's systematically go through everything that can be configured for a client. First, let's take a look at the six fields that have been configured so far:

The above six fields are the most commonly used and indispensable client information. However, there are many other fields in the client configuration. Let's take a look at it as a whole:

The 11 fields above cover essentially all of the configuration of a third-party client. Let's explain them in detail one by one:

withClient method: used to configure client_id, which uniquely identifies each client. It must be filled in when registering (it can also be generated automatically by the server). This field is required. In practical applications it is also called app_key.

resourceIds method: used to configure resource_ids, the collection of ids of the resources that the client can access. When registering the client, the resource ids can be selected according to actual needs, or assigned according to different registration processes. We can set up a resource id for each Resource Server (resource service). When authorizing a client, you can set which resource instances the client can access. If it is not set, the client has access to all resources.

secret method: used to configure client_secret, which is supplied at registration or generated automatically by the server. In practical applications it is also called app_secret.

scopes method: used to configure scope, which specifies the permission scope of the client, such as read and write permissions, or mobile and web permissions. The value all represents all permissions.

authorizedGrantTypes method: used to configure authorized_grant_types. Optional values are: authorization code mode: authorization_code; password mode: password; refresh token: refresh_token; implicit mode: implicit; client mode: client_credentials. Multiple values are supported, separated by commas.

redirectUris method: used to configure web_server_redirect_uri, the client's redirect URI. This value is required for authorization_code and implicit. Enter it when registering.

authorities method: used to configure authorities, which specifies the permission scope of the user. If the authorization process requires the user to log in, this field does not take effect. implicit and client_credentials need it.

accessTokenValiditySeconds method: used to configure access_token_validity, the validity period of the access_token (in seconds). Default (12 hours).

refreshTokenValiditySeconds method: used to configure refresh_token_validity, the validity period of the refresh_token (in seconds). Default (30 days).

additionalInformation method: used to configure additional_information, which holds supplementary information. Nullable. The value must be in JSON format.

autoApprove method: used to configure autoapprove. It defaults to false and applies to the authorization_code mode. It sets whether user approval is performed automatically. Set it to true to skip the user confirmation page and go directly to redirect_uri.

Let's create a new table in the database with these eleven fields. The table name is oauth_client_details:

Note that the table name must be oauth_client_details, which is the table name that oauth specifies and that the default JDBC operations use. Let's add a record:

Compared to the previous example, there is an extra field value for resource_ids, and everything else is the same as the previous configuration. Note that the secret column stores the encrypted ciphertext, not the plaintext secret.

The authorization service now has an extra resource_id, so the resource service has to configure its own id:

Default jdbc management client

It is very simple to change the hard-coded client information so that it is queried through JDBC. First, add the database dependency:

Then configure the data source:

Finally, modify the client configuration in the authorization configuration class:

You can see that the modified client configuration is very simple: you only need to configure a JDBC data source for the clients, and the queries are implemented automatically. For the implementation, refer to the source code:

org.springframework.security.oauth2.provider.client.JdbcClientDetailsService

It contains the prewritten SQL statements and the logic for adding, deleting, modifying and querying:

There is a method to update the secret key, which requires encryption:

So we can configure the encryption method after the jdbc method:
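As an added example (not the article's own code), the class below combines the eleven client fields described earlier with the JDBC configuration and encoder described here: clients are read from oauth_client_details, and a client registered through JdbcClientDetailsService has its secret encoded before it is stored. The class name JdbcClientConfig, the method registerDemoClient, every client value (demo-client, demo-resource, the callback URL, the validity periods) and the choice of BCrypt are assumptions; it assumes spring-security-oauth2 on the classpath and a DataSource bean pointing at a database that contains the table.

```java
import java.util.Collections;
import javax.sql.DataSource;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.provider.client.BaseClientDetails;
import org.springframework.security.oauth2.provider.client.JdbcClientDetailsService;

@Configuration
@EnableAuthorizationServer
public class JdbcClientConfig extends AuthorizationServerConfigurerAdapter { // hypothetical class name

    private final DataSource dataSource;
    private final PasswordEncoder encoder = new BCryptPasswordEncoder(); // assumed encoder choice

    public JdbcClientConfig(DataSource dataSource) {
        this.dataSource = dataSource;
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // Clients are loaded from oauth_client_details instead of being hard-coded.
        // The encoder is handed to the JdbcClientDetailsService that this builder creates.
        clients.jdbc(dataSource).passwordEncoder(encoder);
    }

    // Hypothetical helper: inserts one row; all values are constructed sample data.
    public void registerDemoClient() {
        JdbcClientDetailsService service = new JdbcClientDetailsService(dataSource);
        service.setPasswordEncoder(encoder); // addClientDetails encodes client_secret with it
        BaseClientDetails client = new BaseClientDetails(
                "demo-client", "demo-resource", "read",           // client_id, resource_ids, scope
                "authorization_code,refresh_token", "ROLE_CLIENT", // authorized_grant_types, authorities
                "https://client.example.com/callback");           // web_server_redirect_uri
        client.setClientSecret("demo-secret");        // passed in plaintext, stored as a BCrypt hash
        client.setAccessTokenValiditySeconds(3600);   // access_token_validity
        client.setRefreshTokenValiditySeconds(86400); // refresh_token_validity
        client.setAdditionalInformation(Collections.singletonMap("owner", "demo"));
        // autoapprove is left unset, so the user still sees the approval page.
        service.addClientDetails(client);
    }
}
```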

Test

Apart from the database changes above, the other configuration changes are very simple, so let's test it:

Access results:

That concludes the example of storing OAuth 2.0 clients in a database through JDBC. I hope the above content is of some help to you. If you think the article is good, you can share it for more people to see.
