新增 OIDC 协议实现
@@ -48,11 +48,11 @@
|
||||
<span class="ps">当请求链接不包含 scope 权限,或请求的 scope 近期已授权时,将无需用户手动确认,做到静默授权</span>
|
||||
<code>http://sa-oauth-server.com:8000/oauth2/authorize?response_type=code&client_id=1001&redirect_uri=http://sa-oauth-client.com:8002/</code>
|
||||
|
||||
<a href="http://sa-oauth-server.com:8000/oauth2/authorize?response_type=code&client_id=1001&redirect_uri=http://sa-oauth-client.com:8002/&scope=openid,userid,userinfo">
|
||||
<a href="http://sa-oauth-server.com:8000/oauth2/authorize?response_type=code&client_id=1001&redirect_uri=http://sa-oauth-client.com:8002/&scope=openid,userid,userinfo,oidc">
|
||||
<button>授权登录(显式授权)</button>
|
||||
</a>
|
||||
<span class="ps">当请求链接包含具体的 scope 权限时,将需要用户手动确认,此时 OAuth-Server 会返回更多的数据</span>
|
||||
<code>http://sa-oauth-server.com:8000/oauth2/authorize?response_type=code&client_id=1001&redirect_uri=http://sa-oauth-client.com:8002/&scope=openid,userid,userinfo</code>
|
||||
<code>http://sa-oauth-server.com:8000/oauth2/authorize?response_type=code&client_id=1001&redirect_uri=http://sa-oauth-client.com:8002/&scope=openid,userid,userinfo,oidc</code>
|
||||
|
||||
<button onclick="refreshToken()">刷新令牌</button>
|
||||
<span class="ps">我们可以拿着 Refresh-Token 去刷新我们的 Access-Token,每次刷新后旧Token将作废</span>
|
||||
|
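Review bot: The authorize link gains the `oidc` scope at the line starting `<a href="http://sa-oauth-server.com:8000/oauth2/authorize?...scope=openid,userid,userinfo,oidc">`, but the request still carries neither `state` nor `nonce`. For OIDC the `nonce` value is what binds the returned id_token to the client session (replay protection), and `state` is what protects the redirect back to the client against CSRF/code injection; without them a relying party cannot tell an id_token it requested from one handed to it. Since this is a static demo page the values cannot be generated here, so at minimum add `<!-- demo only: a real client must send per-request state and nonce and verify them on the callback -->` above the link, or have the server-side template fill `&state=...&nonce=...`. The same applies to the `<code>` sample URLs that document the request.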
@@ -59,6 +59,13 @@
|
||||
<artifactId>spring-boot-starter-thymeleaf</artifactId>
|
||||
</dependency>
|
||||
|
||||
<!-- sa-token-jwt 签发 OIDC id_token 令牌 -->
|
||||
<dependency>
|
||||
<groupId>cn.dev33</groupId>
|
||||
<artifactId>sa-token-jwt</artifactId>
|
||||
<version>${sa-token.version}</version>
|
||||
</dependency>
|
||||
|
||||
<!-- 热刷新 -->
|
||||
<!--<dependency>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
|
@@ -4,6 +4,8 @@ import cn.dev33.satoken.oauth2.SaOAuth2Manager;
|
||||
import org.springframework.boot.SpringApplication;
|
||||
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||
|
||||
import java.net.MalformedURLException;
|
||||
|
||||
/**
|
||||
* 启动:Sa-OAuth2 Server端
|
||||
* @author click33
|
||||
@@ -11,10 +13,10 @@ import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||
@SpringBootApplication
|
||||
public class SaOAuth2ServerApplication {
|
||||
|
||||
public static void main(String[] args) {
|
||||
public static void main(String[] args) throws MalformedURLException {
|
||||
SpringApplication.run(SaOAuth2ServerApplication.class, args);
|
||||
System.out.println("\nSa-Token-OAuth2 Server端启动成功,配置如下:");
|
||||
System.out.println(SaOAuth2Manager.getConfig());
|
||||
System.out.println(SaOAuth2Manager.getServerConfig());
|
||||
}
|
||||
|
||||
}
|
||||
|
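Review bot: `public static void main(String[] args) throws MalformedURLException` declares an exception that nothing in the visible body can throw — `SpringApplication.run` and the three `println` calls do not throw `MalformedURLException` — so the new `throws` clause and the added `import java.net.MalformedURLException;` look like leftovers from code that was removed before commit; drop both. Separately, the startup now prints `SaOAuth2Manager.getServerConfig()` to stdout; if that object's `toString()` includes any secret-bearing field, it will land in console logs and log aggregators — worth confirming against the config class, and if so, printing only the non-sensitive fields.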
@@ -22,7 +22,7 @@ public class SaOAuth2DataLoaderImpl implements SaOAuth2DataLoader {
|
||||
.setClientId("1001") // client id
|
||||
.setClientSecret("aaaa-bbbb-cccc-dddd-eeee") // client 秘钥
|
||||
.addAllowRedirectUris("*") // 所有允许授权的 url
|
||||
.addContractScopes("openid", "userid", "userinfo") // 所有签约的权限
|
||||
.addContractScopes("openid", "userid", "userinfo", "oidc") // 所有签约的权限
|
||||
.addAllowGrantTypes( // 所有允许的授权模式
|
||||
GrantType.authorization_code, // 授权码式
|
||||
GrantType.implicit, // 隐式式
|
||||
|
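Review bot: Client 1001 is now contracted for the `oidc` scope at `.addContractScopes("openid", "userid", "userinfo", "oidc")` while the unchanged context line above it still registers `.addAllowRedirectUris("*")`, so the server will accept any `redirect_uri` for a client that now receives id_tokens. With an open redirect_uri an attacker who gets a victim to follow a crafted authorize link receives the authorization code — and, since `GrantType.implicit` is also enabled, the tokens themselves — at a host they control; the id_token does not change this, but it raises what is leaked. Even for a demo, pin the allowed redirect to the client actually used on the demo page: `.addAllowRedirectUris("http://sa-oauth-client.com:8002/")`. The hard-coded `setClientSecret("aaaa-bbbb-cccc-dddd-eeee")` is likewise fine only as long as this stays sample code; a comment saying so would help.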
@@ -0,0 +1,32 @@
|
||||
package com.pj.oauth2.custom;
|
||||
|
||||
import cn.dev33.satoken.oauth2.data.model.oidc.IdTokenModel;
|
||||
import cn.dev33.satoken.oauth2.scope.handler.OidcScopeHandler;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
/**
|
||||
* 扩展 OIDC 权限处理器,返回更多字段
|
||||
*
|
||||
* @author click33
|
||||
* @since 2024/8/24
|
||||
*/
|
||||
@Component
|
||||
public class CustomOidcScopeHandler extends OidcScopeHandler {
|
||||
|
||||
@Override
|
||||
public IdTokenModel workExtraData(IdTokenModel idToken) {
|
||||
Object userId = idToken.sub;
|
||||
System.out.println("----- 为 idToken 追加扩展字段 ----- ");
|
||||
|
||||
idToken.extraData.put("uid", userId); // 用户id
|
||||
idToken.extraData.put("nickname", "lin_xiao_lin"); // 昵称
|
||||
idToken.extraData.put("picture", "https://sa-token.cc/logo.png"); // 头像
|
||||
idToken.extraData.put("email", "456456@xx.com"); // 邮箱
|
||||
idToken.extraData.put("phone_number", "13144556677"); // 手机号
|
||||
// 更多字段 ...
|
||||
// 可参考:https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
|
||||
|
||||
return idToken;
|
||||
}
|
||||
|
||||
}
|
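Review bot: In `workExtraData` the `nickname`, `picture`, `email` and `phone_number` claims are literal constants, so every id_token issued by this server — whatever its `sub` — asserts the same e-mail address and phone number; only `uid` actually derives from `userId`. If this is placeholder data, say so at the top of the method (`// Demo placeholders: a real implementation must resolve these claims from the user store by userId`); otherwise resolve them per subject. Note also that id_token claims are signed, not encrypted, so anything placed in `extraData` is readable by the relying party and anyone who obtains the token — the OIDC spec scopes `email`/`phone_number` behind the `email` and `phone` scopes for that reason, whereas here they are released for the single `oidc` scope. The `System.out.println("----- 为 idToken 追加扩展字段 ----- ")` should be an SLF4J `log.debug(...)` rather than stdout.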
@@ -7,6 +7,8 @@ sa-token:
|
||||
token-name: sa-token-oauth2-server
|
||||
# 是否打印操作日志
|
||||
is-log: true
|
||||
# jwt 秘钥
|
||||
jwt-secret-key: saxsaxsaxsax
|
||||
# OAuth2.0 配置
|
||||
oauth2-server:
|
||||
# 是否全局开启授权码模式
|
||||
|
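Review bot: `jwt-secret-key: saxsaxsaxsax` is a 12-character, low-entropy, committed value, and per the pom comment in this commit (`sa-token-jwt 签发 OIDC id_token 令牌`) it is the key under which the OIDC id_token is signed. If sa-token-jwt signs with an HMAC algorithm here (worth confirming), anyone who guesses or leaks this key can mint id_tokens for any `sub` that every relying party will accept. Read it from the environment instead, e.g. `jwt-secret-key: ${SA_TOKEN_JWT_SECRET}`, with at least 32 random bytes, and document that external OIDC clients generally expect an asymmetric signature (RS256 via a JWKS endpoint) so that the secret never has to be shared with them.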