diff --git a/sa-token-demo/sa-token-demo-oauth2/sa-token-demo-oauth2-server/src/main/java/com/pj/oauth2/custom/CustomOidcScopeHandler.java b/sa-token-demo/sa-token-demo-oauth2/sa-token-demo-oauth2-server/src/main/java/com/pj/oauth2/custom/CustomOidcScopeHandler.java index 835cc377..99597d50 100644 --- a/sa-token-demo/sa-token-demo-oauth2/sa-token-demo-oauth2-server/src/main/java/com/pj/oauth2/custom/CustomOidcScopeHandler.java +++ b/sa-token-demo/sa-token-demo-oauth2/sa-token-demo-oauth2-server/src/main/java/com/pj/oauth2/custom/CustomOidcScopeHandler.java @@ -19,10 +19,11 @@ // System.out.println("----- 为 idToken 追加扩展字段 ----- "); // // idToken.extraData.put("uid", userId); // 用户id -// idToken.extraData.put("nickname", "lin_xiao_lin"); // 昵称 +// idToken.extraData.put("nickname", "linXiaoLin"); // 昵称 // idToken.extraData.put("picture", "https://sa-token.cc/logo.png"); // 头像 // idToken.extraData.put("email", "456456@xx.com"); // 邮箱 // idToken.extraData.put("phone_number", "13144556677"); // 手机号 +// // // 更多字段 ... // // 可参考:https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims // diff --git a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/generate/SaOAuth2DataGenerateDefaultImpl.java b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/generate/SaOAuth2DataGenerateDefaultImpl.java index 090bc335..7f535b1f 100644 --- a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/generate/SaOAuth2DataGenerateDefaultImpl.java +++ b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/generate/SaOAuth2DataGenerateDefaultImpl.java @@ -144,6 +144,7 @@ public class SaOAuth2DataGenerateDefaultImpl implements SaOAuth2DataGenerate { // 生成新 Access-Token AccessTokenModel at = SaOAuth2Manager.getDataConverter().convertRefreshTokenToAccessToken(rt); + SaOAuth2Strategy.instance.refreshAccessTokenWorkByScope.accept(at); // 保存新 Access-Token dao.saveAccessToken(at); 
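Review bot: The new `refreshAccessTokenWorkByScope.accept(at)` call in SaOAuth2DataGenerateDefaultImpl runs handler code between building the token and `dao.saveAccessToken(at)`, so an exception from any opted-in handler now aborts the refresh at this point. The earlier part of the method is outside the hunk; if it has already deleted the old Access-Token or rotated the Refresh-Token, a handler failure could leave the client with no usable token, so that ordering should be confirmed. A short comment such as `// re-run scope handlers that opt in via refreshAccessTokenIsWork(); a handler may throw here` would make the new failure point explicit.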
diff --git a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/scope/handler/OidcScopeHandler.java b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/scope/handler/OidcScopeHandler.java index 22438c90..f5108472 100644 --- a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/scope/handler/OidcScopeHandler.java +++ b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/scope/handler/OidcScopeHandler.java @@ -23,7 +23,6 @@ import cn.dev33.satoken.jwt.error.SaJwtErrorCode; import cn.dev33.satoken.jwt.exception.SaJwtException; import cn.dev33.satoken.oauth2.SaOAuth2Manager; import cn.dev33.satoken.oauth2.consts.SaOAuth2Consts; -import cn.dev33.satoken.oauth2.dao.SaOAuth2Dao; import cn.dev33.satoken.oauth2.data.model.AccessTokenModel; import cn.dev33.satoken.oauth2.data.model.ClientTokenModel; import cn.dev33.satoken.oauth2.data.model.oidc.IdTokenModel; @@ -83,6 +82,11 @@ public class OidcScopeHandler implements SaOAuth2ScopeHandlerInterface { } + @Override + public boolean refreshAccessTokenIsWork() { + return true; + } + /** * 获取 iss * @return / diff --git a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/scope/handler/SaOAuth2ScopeHandlerInterface.java b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/scope/handler/SaOAuth2ScopeHandlerInterface.java index d06ed40b..04f8b847 100644 --- a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/scope/handler/SaOAuth2ScopeHandlerInterface.java +++ b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/scope/handler/SaOAuth2ScopeHandlerInterface.java @@ -47,4 +47,13 @@ public interface SaOAuth2ScopeHandlerInterface { */ void workClientToken(ClientTokenModel ct); + /** + * 当使用 RefreshToken 刷新 AccessToken 时,是否重新执行 workAccessToken 构建方法 + * + * @return / + */ + default boolean refreshAccessTokenIsWork() { + return false; + } + } \ No newline at end of file 
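Review bot: Returning `true` from `refreshAccessTokenIsWork()` in OidcScopeHandler means `workAccessToken` now also builds an id_token on the refresh path, where there is no authorization request and possibly no live login session. `workAccessToken` is outside the hunk, so this needs confirming: if it reads `nonce` or the client from the current request, or derives `auth_time` from the current session, those values can be missing or wrong on refresh. OpenID Connect Core 12.2 expects a refreshed ID Token to keep the original `iss`, `sub` and `auth_time` and normally to omit `nonce`. A comment on the override, e.g. `// id_token is reissued on refresh; claims must follow OIDC Core 12.2`, would record that requirement.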
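Review bot: The Javadoc on `refreshAccessTokenIsWork()` in SaOAuth2ScopeHandlerInterface leaves `@return /` empty and does not say what a handler commits to by returning `true`. Since `workAccessToken` is then called again on every refresh, the contract should state that the implementation must work without the original authorization request and must be safe to run repeatedly for the same grant. Suggested wording: `@return true to have workAccessToken invoked again when an Access-Token is refreshed; false (default) to skip this handler on refresh`.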
diff --git a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/strategy/SaOAuth2Strategy.java b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/strategy/SaOAuth2Strategy.java index 7e9e58eb..83c73217 100644 --- a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/strategy/SaOAuth2Strategy.java +++ b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/strategy/SaOAuth2Strategy.java @@ -105,6 +105,24 @@ public final class SaOAuth2Strategy { } }; + /** + * 当使用 RefreshToken 刷新 AccessToken 时,根据 scope 信息对一个 AccessTokenModel 进行加工处理 + */ + public SaOAuth2ScopeWorkAccessTokenFunction refreshAccessTokenWorkByScope = (at) -> { + if(at.scopes != null && !at.scopes.isEmpty()) { + for (String scope : at.scopes) { + SaOAuth2ScopeHandlerInterface handler = scopeHandlerMap.get(scope); + if(handler != null && handler.refreshAccessTokenIsWork()) { + handler.workAccessToken(at); + } + } + } + SaOAuth2ScopeHandlerInterface finallyWorkScopeHandler = scopeHandlerMap.get(SaOAuth2Consts._FINALLY_WORK_SCOPE); + if(finallyWorkScopeHandler != null && finallyWorkScopeHandler.refreshAccessTokenIsWork()) { + finallyWorkScopeHandler.workAccessToken(at); + } + }; + /** * 根据 scope 信息对一个 ClientTokenModel 进行加工处理 */
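Review bot: The `_FINALLY_WORK_SCOPE` handler is gated on `refreshAccessTokenIsWork()` in this lambda, and the interface default is `false`, so an existing final handler is skipped on refresh unless it overrides the method. The issuance-time strategy is outside the hunk, but if it runs the final handler unconditionally, a deployment that uses it to constrain or post-process token data gets refreshed tokens that never pass through it. The Javadoc should state this difference, e.g. `Only handlers whose refreshAccessTokenIsWork() returns true are invoked, including the _FINALLY_WORK_SCOPE handler`. The `!at.scopes.isEmpty()` test is also redundant, since a for-each over an empty collection does nothing.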