TokenType 指定方式细节重构

sa-token-doc/oauth2/oauth2-apidoc.md

@@ -233,6 +233,11 @@ http://{host}:{port}/oauth2/userinfo?access_token={access_token}
 }
 ```
 
+除了直接在 url 中以 query 参数方式提交 `access_token`，你也可以在 `Authorization` 请求头以 `Bearer Token` 方式提交：
+``` js
+header['Authorization'] = 'Bearer access_token';
+```
+
 
 ## 2、模式二：隐藏式（Implicit）
 

sa-token-doc/oauth2/oauth2-custom-scope.md

@@ -20,8 +20,9 @@ sa-token-oauth2 提供两种模式，让 access_token 可以得到更多信息
 ``` java
 // 获取 userinfo 信息：昵称、头像、性别等等
 @RequestMapping("/oauth2/userinfo")
-public SaResult userinfo(@RequestParam("access_token") String accessToken) {
+public SaResult userinfo() {
 	// 获取 Access-Token 对应的账号id
+	String accessToken = SaOAuth2Manager.getDataResolver().readAccessToken(SaHolder.getRequest());
 	Object loginId = SaOAuth2Util.getLoginIdByAccessToken(accessToken);
 	System.out.println("-------- 此Access-Token对应的账号id: " + loginId);
 	

sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/convert/SaOAuth2DataConverterDefaultImpl.java

@@ -16,6 +16,7 @@
 package cn.dev33.satoken.oauth2.data.convert;
 
 import cn.dev33.satoken.oauth2.SaOAuth2Manager;
+import cn.dev33.satoken.oauth2.consts.SaOAuth2Consts;
 import cn.dev33.satoken.oauth2.data.model.AccessTokenModel;
 import cn.dev33.satoken.oauth2.data.model.CodeModel;
 import cn.dev33.satoken.oauth2.data.model.RefreshTokenModel;
@@ -78,6 +79,7 @@ public class SaOAuth2DataConverterDefaultImpl implements SaOAuth2DataConverter {
         at.clientId = cm.clientId;
         at.loginId = cm.loginId;
         at.scopes = cm.scopes;
+        at.tokenType = SaOAuth2Consts.TokenType.bearer;
         SaClientModel clientModel = SaOAuth2Manager.getDataLoader().getClientModelNotNull(cm.clientId);
         at.expiresTime = System.currentTimeMillis() + (clientModel.getAccessTokenTimeout() * 1000);
         at.extraData = new LinkedHashMap<>();
@@ -118,6 +120,7 @@ public class SaOAuth2DataConverterDefaultImpl implements SaOAuth2DataConverter {
         at.clientId = rt.clientId;
         at.loginId = rt.loginId;
         at.scopes = rt.scopes;
+        at.tokenType = SaOAuth2Consts.TokenType.bearer;
         at.extraData = new LinkedHashMap<>(rt.extraData);
         SaClientModel clientModel = SaOAuth2Manager.getDataLoader().getClientModelNotNull(rt.clientId);
         at.expiresTime = System.currentTimeMillis() + (clientModel.getAccessTokenTimeout() * 1000);

sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/generate/SaOAuth2DataGenerateDefaultImpl.java

@@ -166,6 +166,7 @@ public class SaOAuth2DataGenerateDefaultImpl implements SaOAuth2DataGenerate {
         // 2、生成 新Access-Token
         String newAtValue = SaOAuth2Strategy.instance.createAccessToken.execute(ra.clientId, ra.loginId, ra.scopes);
         AccessTokenModel at = new AccessTokenModel(newAtValue, ra.clientId, ra.loginId, ra.scopes);
+        at.tokenType = SaOAuth2Consts.TokenType.bearer;
 
         // 3、根据权限构建额外参数
         at.extraData = new LinkedHashMap<>();
@@ -220,6 +221,7 @@ public class SaOAuth2DataGenerateDefaultImpl implements SaOAuth2DataGenerate {
         // 3、生成新 Client-Token
         String clientTokenValue = SaOAuth2Strategy.instance.createClientToken.execute(clientId, scopes);
         ClientTokenModel ct = new ClientTokenModel(clientTokenValue, clientId, scopes);
+        ct.tokenType = SaOAuth2Consts.TokenType.bearer;
         ct.expiresTime = System.currentTimeMillis() + (cm.getClientTokenTimeout() * 1000);
         ct.extraData = new LinkedHashMap<>();
         SaOAuth2Strategy.instance.workClientTokenByScope.accept(ct);

sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/model/AccessTokenModel.java

@@ -64,6 +64,11 @@ public class AccessTokenModel implements Serializable {
 	 */
 	public List<String> scopes;
 
+	/**
+	 * Token 类型
+	 */
+	public String tokenType;
+
 	/**
 	 * 扩展数据
 	 */
@@ -152,6 +157,15 @@ public class AccessTokenModel implements Serializable {
 		return this;
 	}
 
+	public String getTokenType() {
+		return tokenType;
+	}
+
+	public AccessTokenModel setTokenType(String tokenType) {
+		this.tokenType = tokenType;
+		return this;
+	}
+
 	public Map<String, Object> getExtraData() {
 		return extraData;
 	}
@@ -163,9 +177,17 @@ public class AccessTokenModel implements Serializable {
 
 	@Override
 	public String toString() {
-		return "AccessTokenModel [accessToken=" + accessToken + ", refreshToken=" + refreshToken
-				+ ", accessTokenTimeout=" + expiresTime + ", refreshTokenTimeout=" + refreshExpiresTime
-				+ ", clientId=" + clientId + ", scopes=" + scopes + ", extraData=" + extraData + "]";
+		return "AccessTokenModel{" +
+				"accessToken='" + accessToken + '\'' +
+				", refreshToken='" + refreshToken + '\'' +
+				", expiresTime=" + expiresTime +
+				", refreshExpiresTime=" + refreshExpiresTime +
+				", clientId='" + clientId + '\'' +
+				", loginId=" + loginId +
+				", scopes=" + scopes +
+				", tokenType='" + tokenType + '\'' +
+				", extraData=" + extraData +
+				'}';
 	}
 
 	// 追加只读属性

sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/model/ClientTokenModel.java

@@ -49,6 +49,11 @@ public class ClientTokenModel implements Serializable {
 	 */
 	public List<String> scopes;
 
+	/**
+	 * Token 类型
+	 */
+	public String tokenType;
+
 	/**
 	 * 扩展数据
 	 */
@@ -91,6 +96,15 @@ public class ClientTokenModel implements Serializable {
 		return this;
 	}
 
+	public String getTokenType() {
+		return tokenType;
+	}
+
+	public ClientTokenModel setTokenType(String tokenType) {
+		this.tokenType = tokenType;
+		return this;
+	}
+
 	public Map<String, Object> getExtraData() {
 		return extraData;
 	}
@@ -118,10 +132,11 @@ public class ClientTokenModel implements Serializable {
 	@Override
 	public String toString() {
 		return "ClientTokenModel{" +
-				"clientToken='" + clientToken + '\'' +
+				"clientToken='" + clientToken +
 				", expiresTime=" + expiresTime +
-				", clientId='" + clientId + '\'' +
+				", clientId='" + clientId +
 				", scopes=" + scopes +
+				", tokenType=" + tokenType +
 				", extraData=" + extraData +
 				'}';
 	}

sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/resolver/SaOAuth2DataResolverDefaultImpl.java

@@ -122,7 +122,7 @@ public class SaOAuth2DataResolverDefaultImpl implements SaOAuth2DataResolver {
     @Override
     public Map<String, Object> buildTokenReturnValue(AccessTokenModel at) {
         Map<String, Object> map = new LinkedHashMap<>();
-        map.put("token_type", TokenType.bearer);
+        map.put("token_type", at.tokenType);
         map.put("access_token", at.accessToken);
         map.put("refresh_token", at.refreshToken);
         map.put("expires_in", at.getExpiresIn());
@@ -139,6 +139,7 @@ public class SaOAuth2DataResolverDefaultImpl implements SaOAuth2DataResolver {
     @Override
     public Map<String, Object> buildClientTokenReturnValue(ClientTokenModel ct) {
         Map<String, Object> map = new LinkedHashMap<>();
+        map.put("token_type", ct.tokenType);
         map.put("client_token", ct.clientToken);
         // map.put("access_token", ct.clientToken); // 兼容 OAuth2 协议
         map.put("expires_in", ct.getExpiresIn());

sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/processor/SaOAuth2ServerProcessor.java

@@ -303,8 +303,7 @@ public class SaOAuth2ServerProcessor {
 		ClientIdAndSecretModel clientIdAndSecret = SaOAuth2Manager.getDataResolver().readClientIdAndSecret(req);
 		String clientId = clientIdAndSecret.clientId;
 		String clientSecret = clientIdAndSecret.clientSecret;
-		String scope = req.getParam(Param.scope, "");
-		List<String> scopes = SaOAuth2Manager.getDataConverter().convertScopeStringToList(scope);
+		List<String> scopes = SaOAuth2Manager.getDataConverter().convertScopeStringToList(req.getParam(Param.scope));
 
 		//校验 ClientScope
 		oauth2Template.checkContract(clientId, scopes);