feat(oauth2): SaClientModel 新增 isAutoConfirm 配置项，用于决定是否允许应用可以自动确认授权

2025-06-28 04:35:16 +08:00 · 2025-05-10 03:21:40 +08:00 · 2025-05-10 03:21:40 +08:00 · a27e1d85b6
commit a27e1d85b6
parent 49622fbf2d
3 changed files with 32 additions and 6 deletions
--- a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/convert/SaOAuth2DataConverterDefaultImpl.java
+++ b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/convert/SaOAuth2DataConverterDefaultImpl.java
@ -46,9 +46,9 @@ public class SaOAuth2DataConverterDefaultImpl implements SaOAuth2DataConverter {
            return new ArrayList<>();
        }
        // 兼容以下三种分隔符：空格、逗号、%20、加号
-        scopeString = scopeString.replaceAll(" ", ",");
-        scopeString = scopeString.replaceAll("%20", ",");
-        scopeString = scopeString.replaceAll("+", ",");
+        scopeString = scopeString.replace(" ", ",");
+        scopeString = scopeString.replace("%20", ",");
+        scopeString = scopeString.replace("+", ",");
        return SaFoxUtil.convertStringToList(scopeString);
    }

--- a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/model/loader/SaClientModel.java
+++ b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/model/loader/SaClientModel.java
@ -78,6 +78,9 @@ public class SaClientModel implements Serializable {
 	/** 单独配置此Client：Lower-Client-Token 保存的时间(单位：秒) [默认取全局配置] */
 	public long lowerClientTokenTimeout;

+	/** 是否允许此应用自动确认授权（高危配置，禁止向不被信任的第三方开启此选项） */
+	public Boolean isAutoConfirm = false;
+
 	
 	public SaClientModel() {
 		SaOAuth2ServerConfig config = SaOAuth2Manager.getServerConfig();
@ -88,7 +91,7 @@ public class SaClientModel implements Serializable {
 		this.lowerClientTokenTimeout = config.getLowerClientTokenTimeout();
 	}
 	public SaClientModel(String clientId, String clientSecret, List<String> contractScopes, List<String> allowRedirectUris) {
-		super();
+		this();
 		this.clientId = clientId;
 		this.clientSecret = clientSecret;
 		this.contractScopes = contractScopes;
@ -274,7 +277,26 @@ public class SaClientModel implements Serializable {
 		this.lowerClientTokenTimeout = lowerClientTokenTimeout;
 		return this;
 	}
-	
+
+	/**
+	 * 获取 是否允许此应用自动确认授权（高危配置，禁止向不被信任的第三方开启此选项）
+	 *
+	 * @return /
+	 */
+	public Boolean getIsAutoConfirm() {
+		return this.isAutoConfirm;
+	}
+
+	/**
+	 * 设置 是否允许此应用自动确认授权（高危配置，禁止向不被信任的第三方开启此选项）
+	 *
+	 * @param isAutoConfirm /
+	 * @return 对象自身
+	 */
+	public SaClientModel setIsAutoConfirm(Boolean isAutoConfirm) {
+		this.isAutoConfirm = isAutoConfirm;
+		return this;
+	}
 	//

 	@Override
@ -291,6 +313,7 @@ public class SaClientModel implements Serializable {
 				", refreshTokenTimeout=" + refreshTokenTimeout +
 				", clientTokenTimeout=" + clientTokenTimeout +
 				", lowerClientTokenTimeout=" + lowerClientTokenTimeout +
+				", isAutoConfirm=" + isAutoConfirm +
 				'}';
 	}

--- a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/processor/SaOAuth2ServerProcessor.java
+++ b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/processor/SaOAuth2ServerProcessor.java
@ -138,7 +138,10 @@ public class SaOAuth2ServerProcessor {
 		// 6、判断：如果此次申请的Scope，该用户尚未授权，则转到授权页面
 		boolean isNeedCarefulConfirm = oauth2Template.isNeedCarefulConfirm(ra.loginId, ra.clientId, ra.scopes);
 		if(isNeedCarefulConfirm) {
-			return cfg.confirmView.apply(ra.clientId, ra.scopes);
+			SaClientModel cm = oauth2Template.checkClientModel(ra.clientId);
+			if( ! cm.getIsAutoConfirm()) {
+				return cfg.confirmView.apply(ra.clientId, ra.scopes);
+			}
 		}

 		// 7、判断授权类型，重定向到不同地址