diff --git a/sa-token-doc/fun/data-structure.md b/sa-token-doc/fun/data-structure.md
index f5595551..bdaa1029 100644
--- a/sa-token-doc/fun/data-structure.md
+++ b/sa-token-doc/fun/data-structure.md
@@ -230,18 +230,37 @@ clientId + loginId 反查 code ``` js { - "@class": "cn.dev33.satoken.oauth2.model.AccessTokenModel", // java class 信息 - "accessToken": "CqRVp2HrgyklE0BXYWszskGJWAGY7xhGu9Zaco4zJECzGYagCCFWj0jOlHoU", // 资源令牌值 - "refreshToken": "EAubykIqRLwbvvi0wfZqnWxoC1bLhPguIfTqX3S1aoTe6pCLKsV9jU3OEI8U", // 刷新令牌值 - "expiresTime": 1722422031510, // 资源令牌到期时间 - "refreshExpiresTime": 1725006831511, // 刷新令牌到期时间 + "@class": "cn.dev33.satoken.oauth2.data.model.AccessTokenModel", // java class 信息 + "accessToken": "Pu3t55dJIgvkmVoHz50FqaVQOJ6Flggjr2eHTiS74Ooai8e3nNyYPq78K80P", // 资源令牌值 + "refreshToken": "baGyl6PHK304tPojnpxd1SpW12oJcOGv7gFaDAAkjLWbJG1J1WLUIGobsw7m", // 刷新令牌值 + "expiresTime": 1738280553695, // 资源令牌到期时间 + "refreshExpiresTime": 1740865353760, // 刷新令牌到期时间 "clientId": "1001", // 对应的应用id "loginId": "10001", // 对应的loginId - "openid": "gr_SwoIN0MC1ewxHX_vfCW3BothWDZMMtx__", // 对应的 openid - "scope": "", // 所具有的权限列表,多个用逗号隔开 - "expiresIn": 7199, // 资源令牌剩余有效时间,单位秒 - "refreshExpiresIn": 2592000 // 刷新令牌剩余有效时间,单位秒 + "scopes": [ // 所具有的权限列表 + "java.util.ArrayList", + [ + "userinfo", + "userid", + "openid", + "unionid", + "oidc" + ] + ], + "tokenType": "bearer", // tokenType + "grantType": "authorization_code", // 授权方式 + "extraData": { // 扩展数据 + "@class": "java.util.LinkedHashMap", + "userid": "10001", + "openid": "ded91dc189a437dd1bac2274be167d50", + "unionid": "11d48faa74c4e5f19355ccc53c1c5c7a", + "id_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOi8vc2Etb2F1dGgtc2VydmVyLmNvbTo4MDAwIiwic3ViIjoiMTAwMDEiLCJhdWQiOiIxMDAxIiwiZXhwIjoxNzM4MjczOTUzLCJpYXQiOjE3MzgyNzMzNTMsImF1dGhfdGltZSI6MTczODI3MzM0Miwibm9uY2UiOiJZQTlPQjJzYkpGanZkUlFjN0E3V1pnTUFhTDFVRjE5OSIsImF6cCI6IjEwMDEifQ.pvoj6CR7tdhOblvYJoGUfvam9egSiL5Uw3tflLLMb5g" + }, + "createTime": 1738273353694, // 创建时间 + "expiresIn": 7199 // 资源令牌剩余有效时间,单位秒 + "refreshExpiresIn": 2592000, // 刷新令牌剩余有效时间,单位秒 } + ``` 
@@ -264,13 +283,29 @@ clientId + loginId 反查 Access-Token ``` js { - "@class": "cn.dev33.satoken.oauth2.model.RefreshTokenModel", // java class 信息 - "refreshToken": "EAubykIqRLwbvvi0wfZqnWxoC1bLhPguIfTqX3S1aoTe6pCLKsV9jU3OEI8U", // 刷新令牌值 - "expiresTime": 1725006831511, // 刷新令牌到期时间 + "@class": "cn.dev33.satoken.oauth2.data.model.RefreshTokenModel", // java class 信息 + "refreshToken": "baGyl6PHK304tPojnpxd1SpW12oJcOGv7gFaDAAkjLWbJG1J1WLUIGobsw7m", // 刷新令牌值 + "expiresTime": 1740865353760, // 刷新令牌到期时间 "clientId": "1001", // 对应的应用id - "scope": "", // 所具有的权限列表,多个用逗号隔开 "loginId": "10001", // 对应的loginId - "openid": "gr_SwoIN0MC1ewxHX_vfCW3BothWDZMMtx__", // 对应的 openid + "scopes": [ // 所具有的权限列表 + "java.util.ArrayList", + [ + "userinfo", + "userid", + "openid", + "unionid", + "oidc" + ] + ], + "extraData": { // 扩展数据 + "@class": "java.util.LinkedHashMap", + "userid": "10001", + "openid": "ded91dc189a437dd1bac2274be167d50", + "unionid": "11d48faa74c4e5f19355ccc53c1c5c7a", + "id_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOi8vc2Etb2F1dGgtc2VydmVyLmNvbTo4MDAwIiwic3ViIjoiMTAwMDEiLCJhdWQiOiIxMDAxIiwiZXhwIjoxNzM4MjczOTUzLCJpYXQiOjE3MzgyNzMzNTMsImF1dGhfdGltZSI6MTczODI3MzM0Miwibm9uY2UiOiJZQTlPQjJzYkpGanZkUlFjN0E3V1pnTUFhTDFVRjE5OSIsImF6cCI6IjEwMDEifQ.pvoj6CR7tdhOblvYJoGUfvam9egSiL5Uw3tflLLMb5g" + }, + "createTime": 1738273353760, // 创建时间 "expiresIn": 2591999 // 刷新令牌剩余有效时间,单位秒 } ``` 
@@ -295,12 +330,27 @@ clientId + loginId 反查 Refresh-Token ``` js { - "@class": "cn.dev33.satoken.oauth2.model.ClientTokenModel", // java class 信息 - "clientToken": "fWQjBKxprSslmYFLbzen0oa95rOvqnqYKZW3sD8mzamNbabG8b6MPKPP5uCu", // 应用令牌值 - "expiresTime": 1722425237153, // 应用令牌到期时间 + "@class": "cn.dev33.satoken.oauth2.data.model.ClientTokenModel", // java class 信息 + "clientToken": "lIpS3fKEACKMFauEWVpR7Zmzh7SoFetPVuB9aDzISnqzHKu8R3OwpWFy5nLv", // 应用令牌值 + "expiresTime": 1738280930646, // 应用令牌到期时间 "clientId": "1001", // 对应的应用id - "scope": null, // 所具有的权限列表,多个用逗号隔开 - "expiresIn": 7200 // 应用令牌剩余有效时间,单位秒 + "scopes": [ // 所具有的权限列表 + "java.util.ArrayList", + [ + "userinfo", + "userid", + "openid", + "unionid", + "oidc" + ] + ], + "tokenType": "bearer", // tokenType + "grantType": "client_credentials", // 授权类型 + "extraData": { // 扩展数据 + "@class": "java.util.LinkedHashMap" + }, + "createTime": 1738273730646, // 创建时间 + "expiresIn": 7199 // 应用令牌剩余有效时间,单位秒 } ``` diff --git a/sa-token-doc/oauth2/oauth2-dev.md b/sa-token-doc/oauth2/oauth2-dev.md index 0d02cc41..9f428ea0 100644 --- a/sa-token-doc/oauth2/oauth2-dev.md +++ b/sa-token-doc/oauth2/oauth2-dev.md @@ -36,6 +36,19 @@ SaOAuth2Util.isGrantScope(loginId, clientId, scopes); ``` +### Code 相关 +``` java +// 获取 CodeModel,无效的 code 会返回 null +SaOAuth2Util.getCode(code); + +// 校验 Code,成功返回 CodeModel,失败则抛出异常 +SaOAuth2Util.checkCode(code); + +// 获取 Code,根据索引: clientId、loginId +SaOAuth2Util.getCodeValue(clientId, loginId); +``` + + ### Access-Token 相关 ``` java // 获取 AccessTokenModel,无效的 AccessToken 会返回 null diff --git a/sa-token-doc/oauth2/oauth2-openid.md b/sa-token-doc/oauth2/oauth2-openid.md index ca03859a..9d766e9b 100644 --- a/sa-token-doc/oauth2/oauth2-openid.md +++ b/sa-token-doc/oauth2/oauth2-openid.md @@ -1,5 +1,8 @@ # OpenId 与 UnionId +

+ 参考视频:OAuth2 授权流程中的 clientId、openId、unionId、userId 都是干嘛的? +

### 1、OpenId @@ -186,5 +189,3 @@ unionid 算法要求与 openid 基本一致,可参考上述 openid 算法要 - - diff --git a/sa-token-doc/oauth2/oauth2-server.md b/sa-token-doc/oauth2/oauth2-server.md index 40afd3a8..05e082b0 100644 --- a/sa-token-doc/oauth2/oauth2-server.md +++ b/sa-token-doc/oauth2/oauth2-server.md @@ -257,7 +257,7 @@ http://sa-oauth-server.com:8000/oauth2/token?grant_type=authorization_code&clien 测试完毕 -### 5、运行官方示例 +### 5、运行官方示例 以上代码只是简单模拟了一下OAuth2.0的授权流程,现在,我们运行一下官方示例,里面有制作好的UI界面 - OAuth2-Server端: `/sa-token-demo/sa-token-demo-oauth2/sa-token-demo-oauth2-server/` [源码链接](https://gitee.com/dromara/sa-token/tree/master/sa-token-demo/sa-token-demo-oauth2/sa-token-demo-oauth2-server)
@@ -270,3 +270,19 @@ http://sa-oauth-server.com:8000/oauth2/token?grant_type=authorization_code&clien 如图,可以针对OAuth2.0四种模式进行详细测试 + +### 6、OAuth2 前端测试页 + +OAuth2 前端测试页: +`/sa-token-demo/sa-token-demo-oauth2/sa-token-demo-oauth2-client-h5/` +[源码链接](https://gitee.com/dromara/sa-token/tree/master/sa-token-demo/sa-token-demo-oauth2/sa-token-demo-oauth2-client-h5)
+ +此示例允许你在前端自由配置 OAuth-Client 端所需的各个参数,方便对 OAuth2 四种模式的测试。 + +![sa-oauth2-client-index](https://oss.dev33.cn/sa-token/doc/oauth2-new/sa-oauth2-client-test-h5-page.png 's-w-sh') + +

+ 参考视频:OAuth2 四种模式 前端测试页 +

+ + diff --git a/sa-token-doc/use/config.md b/sa-token-doc/use/config.md index 8b6018cb..e4413700 100644 --- a/sa-token-doc/use/config.md +++ b/sa-token-doc/use/config.md @@ -155,6 +155,8 @@ Cookie相关配置: | secure | Boolean | false | 是否只在 https 协议下有效 | | httpOnly | Boolean | false | 是否禁止 js 操作 Cookie | | sameSite | String | Lax | 第三方限制级别(Strict=完全禁止,Lax=部分允许,None=不限制) | +| extraAttrs | String | new LinkedHashMap() | 额外扩展属性 | + Cookie 配置示例: @@ -165,20 +167,37 @@ Cookie 配置示例: sa-token: # Cookie 相关配置 cookie: + # 基础属性 domain: stp.com path: / secure: false httpOnly: true sameSite: Lax + # 额外扩展属性 + extraAttrs: + # Cookie 优先级 + Priority: Medium + # Cookie 独立分区 + Partitioned: "" + # 可以是任意键值对 + # abc: def ``` ``` properties # Cookie 相关配置 +# ---- 基础属性 sa-token.cookie.domain=stp.com sa-token.cookie.path=/ sa-token.cookie.secure=false sa-token.cookie.httpOnly=true sa-token.cookie.sameSite=Lax +# ---- 额外扩展属性 +# Cookie 优先级 +sa-token.cookie.extraAttrs.Priority=Medium +# Cookie 独立分区 +sa-token.cookie.extraAttrs.Partitioned="" +# 可以是任意键值对 +# sa-token.cookie.extraAttrs.abc=def ```