mirror of
https://gitee.com/dromara/sa-token.git
synced 2025-05-02 20:02:45 +08:00
提供默认 openid 生成算法
parent
f0c2949539
commit
c17b244452
@ -45,14 +45,14 @@
|
||||
<a href="http://sa-oauth-server.com:8001/oauth2/authorize?response_type=code&client_id=1001&redirect_uri=http://sa-oauth-client.com:8002/">
|
||||
<button>点我开始授权登录(静默授权)</button>
|
||||
</a>
|
||||
<span class="ps">当请求链接不包含scope权限时,将无需用户手动确认,做到静默授权,当然此时我们也只能获取openid</span>
|
||||
<span class="ps">当请求链接不包含 scope 权限,或请求的 scope 近期已授权时,将无需用户手动确认,做到静默授权</span>
|
||||
<code>http://sa-oauth-server.com:8001/oauth2/authorize?response_type=code&client_id=1001&redirect_uri=http://sa-oauth-client.com:8002/</code>
|
||||
|
||||
<a href="http://sa-oauth-server.com:8001/oauth2/authorize?response_type=code&client_id=1001&redirect_uri=http://sa-oauth-client.com:8002/&scope=userinfo">
|
||||
<a href="http://sa-oauth-server.com:8001/oauth2/authorize?response_type=code&client_id=1001&redirect_uri=http://sa-oauth-client.com:8002/&scope=openid,userid,userinfo">
|
||||
<button>授权登录(显式授权)</button>
|
||||
</a>
|
||||
<span class="ps">当请求链接包含具体的scope权限时,将需要用户手动确认,此时我们除了openid以外还可以获取更多的资源</span>
|
||||
<code>http://sa-oauth-server.com:8001/oauth2/authorize?response_type=code&client_id=1001&redirect_uri=http://sa-oauth-client.com:8002/&scope=userinfo</code>
|
||||
<span class="ps">当请求链接包含具体的 scope 权限时,将需要用户手动确认,此时 OAuth-Server 会返回更多的数据</span>
|
||||
<code>http://sa-oauth-server.com:8001/oauth2/authorize?response_type=code&client_id=1001&redirect_uri=http://sa-oauth-client.com:8002/&scope=openid,userid,userinfo</code>
|
||||
|
||||
<button onclick="refreshToken()">刷新令牌</button>
|
||||
<span class="ps">我们可以拿着 Refresh-Token 去刷新我们的 Access-Token,每次刷新后旧Token将作废</span>
|
||||
|
@ -2,7 +2,6 @@ package com.pj.oauth2;
|
||||
|
||||
import cn.dev33.satoken.oauth2.data.loader.SaOAuth2DataLoader;
|
||||
import cn.dev33.satoken.oauth2.data.model.loader.SaClientModel;
|
||||
import cn.dev33.satoken.secure.SaSecureUtil;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
import java.util.Arrays;
|
||||
@ -24,7 +23,7 @@ public class SaOAuth2DataLoaderImpl implements SaOAuth2DataLoader {
|
||||
.setClientId("1001")
|
||||
.setClientSecret("aaaa-bbbb-cccc-dddd-eeee")
|
||||
.setAllowUrl("*")
|
||||
.setContractScopes(Arrays.asList("userinfo", "openid"))
|
||||
.setContractScopes(Arrays.asList("openid", "userid", "userinfo"))
|
||||
.setIsAutoMode(true);
|
||||
}
|
||||
return null;
|
||||
@ -33,10 +32,8 @@ public class SaOAuth2DataLoaderImpl implements SaOAuth2DataLoader {
|
||||
// 根据ClientId 和 LoginId 获取openid
|
||||
@Override
|
||||
public String getOpenid(String clientId, Object loginId) {
|
||||
// 此为模拟数据,真实环境需要从数据库查询
|
||||
// return "gr_SwoIN0MC1ewxHX_vfCW3BothWDZMMtx__";
|
||||
String prefix = "grSwoIN0MC1ewxHXvfCW3BothWDZMMtx";
|
||||
return SaSecureUtil.md5(prefix + "_" + clientId + "_" + loginId);
|
||||
// 此处使用框架默认算法生成 openid,真实环境建议改为从数据库查询
|
||||
return SaOAuth2DataLoader.super.getOpenid(clientId, loginId);
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -15,6 +15,7 @@
|
||||
*/
|
||||
package cn.dev33.satoken.oauth2.config;
|
||||
|
||||
import cn.dev33.satoken.oauth2.consts.SaOAuth2Consts;
|
||||
import cn.dev33.satoken.oauth2.function.SaOAuth2ConfirmViewFunction;
|
||||
import cn.dev33.satoken.oauth2.function.SaOAuth2DoLoginHandleFunction;
|
||||
import cn.dev33.satoken.oauth2.function.SaOAuth2NotLoginViewFunction;
|
||||
@ -59,9 +60,13 @@ public class SaOAuth2Config implements Serializable {
|
||||
/** Client-Token 保存的时间(单位:秒) 默认两个小时 */
|
||||
public long clientTokenTimeout = 60 * 60 * 2;
|
||||
|
||||
/** Past-Client-Token 保存的时间(单位:秒) 默认为 -1,代表延续 Client-Token有效期 */
|
||||
/** Past-Client-Token 保存的时间(单位:秒) 默认为 -1,代表延续 Client-Token 有效期 */
|
||||
public long pastClientTokenTimeout = -1;
|
||||
|
||||
/** 默认 openid 生成算法中使用的摘要前缀 */
|
||||
public String openidDigestPrefix = SaOAuth2Consts.OPENID_DEFAULT_DIGEST_PREFIX;
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* @return isCode
|
||||
@ -213,13 +218,29 @@ public class SaOAuth2Config implements Serializable {
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return openidDigestPrefix
|
||||
*/
|
||||
public String getOpenidDigestPrefix() {
|
||||
return openidDigestPrefix;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param openidDigestPrefix 要设置的 openidDigestPrefix
|
||||
* @return 对象自身
|
||||
*/
|
||||
public SaOAuth2Config setOpenidMd5Prefix(String openidDigestPrefix) {
|
||||
this.openidDigestPrefix = openidDigestPrefix;
|
||||
return this;
|
||||
}
|
||||
|
||||
|
||||
// -------------------- SaOAuth2Handle 所有回调函数 --------------------
|
||||
|
||||
/**
|
||||
* OAuth-Server端:未登录时返回的View
|
||||
*/
|
||||
public SaOAuth2NotLoginViewFunction notLoginView = () -> "当前会话在OAuth-Server认证中心尚未登录";
|
||||
public SaOAuth2NotLoginViewFunction notLoginView = () -> "当前会话在 OAuth-Server 认证中心尚未登录";
|
||||
|
||||
/**
|
||||
* OAuth-Server端:确认授权时返回的View
|
||||
@ -234,9 +255,14 @@ public class SaOAuth2Config implements Serializable {
|
||||
@Override
|
||||
public String toString() {
|
||||
return "SaOAuth2Config [isCode=" + isCode + ", isImplicit=" + isImplicit + ", isPassword=" + isPassword
|
||||
+ ", isClient=" + isClient + ", isNewRefresh=" + isNewRefresh + ", codeTimeout=" + codeTimeout
|
||||
+ ", accessTokenTimeout=" + accessTokenTimeout + ", refreshTokenTimeout=" + refreshTokenTimeout
|
||||
+ ", clientTokenTimeout=" + clientTokenTimeout + ", pastClientTokenTimeout=" + pastClientTokenTimeout
|
||||
+ ", isClient=" + isClient
|
||||
+ ", isNewRefresh=" + isNewRefresh
|
||||
+ ", codeTimeout=" + codeTimeout
|
||||
+ ", accessTokenTimeout=" + accessTokenTimeout
|
||||
+ ", refreshTokenTimeout=" + refreshTokenTimeout
|
||||
+ ", clientTokenTimeout=" + clientTokenTimeout
|
||||
+ ", pastClientTokenTimeout=" + pastClientTokenTimeout
|
||||
+ ", openidDigestPrefix=" + openidDigestPrefix
|
||||
+"]";
|
||||
}
|
||||
|
||||
|
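Review bot: The setter added beside `getOpenidDigestPrefix()` is named `setOpenidMd5Prefix`, so the new property has no matching JavaBean getter/setter pair. If this class is populated through setter-based property binding (not visible in this hunk), a key named after the field would not reach `openidDigestPrefix`, and deployments would silently stay on the shared default prefix. Rename it to `public SaOAuth2Config setOpenidDigestPrefix(String openidDigestPrefix)`. Separately, the `toString()` hunk now prints `openidDigestPrefix`; if operators are expected to treat the prefix as a per-deployment secret, mask it there so it does not end up in logs.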
@ -102,6 +102,10 @@ public class SaOAuth2Consts {
|
||||
public static String id_token = "id_token";
|
||||
}
|
||||
|
||||
|
||||
/** 默认 openid 生成算法中使用的前缀 */
|
||||
public static final String OPENID_DEFAULT_DIGEST_PREFIX = "openid_default_digest_prefix";
|
||||
|
||||
/** 表示OK的返回结果 */
|
||||
public static final String OK = "ok";
|
||||
|
||||
|
@ -15,8 +15,10 @@
|
||||
*/
|
||||
package cn.dev33.satoken.oauth2.data.loader;
|
||||
|
||||
import cn.dev33.satoken.oauth2.SaOAuth2Manager;
|
||||
import cn.dev33.satoken.oauth2.data.model.loader.SaClientModel;
|
||||
import cn.dev33.satoken.oauth2.exception.SaOAuth2Exception;
|
||||
import cn.dev33.satoken.secure.SaSecureUtil;
|
||||
|
||||
/**
|
||||
* Sa-Token OAuth2 数据加载器
|
||||
@ -36,18 +38,6 @@ public interface SaOAuth2DataLoader {
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
* 根据ClientId 和 LoginId 获取openid
|
||||
*
|
||||
* @param clientId 应用id
|
||||
* @param loginId 账号id
|
||||
* @return 此账号在此Client下的openid
|
||||
*/
|
||||
default String getOpenid(String clientId, Object loginId) {
|
||||
return null;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* 根据 id 获取 Client 信息,不允许为 null
|
||||
*
|
||||
@ -62,6 +52,15 @@ public interface SaOAuth2DataLoader {
|
||||
return clientModel;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* 根据ClientId 和 LoginId 获取openid
|
||||
*
|
||||
* @param clientId 应用id
|
||||
* @param loginId 账号id
|
||||
* @return 此账号在此Client下的openid
|
||||
*/
|
||||
default String getOpenid(String clientId, Object loginId) {
|
||||
return SaSecureUtil.md5(SaOAuth2Manager.getConfig().getOpenidDigestPrefix() + "_" + clientId + "_" + loginId);
|
||||
}
|
||||
|
||||
}
|
||||
|
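Review bot: The new default `getOpenid` derives the identifier as a plain MD5 of `prefix + "_" + clientId + "_" + loginId`, and the prefix defaults to `OPENID_DEFAULT_DIGEST_PREFIX`, a constant that is the same public string in every installation. With the prefix left unchanged, an openid is predictable from the client id and login id, and can be mapped back to a login id by enumerating candidates, which undermines its use as a per-client pseudonymous identifier. The `_` separator is also ambiguous: client id `a_b` with login id `c` produces the same digest input as client id `a` with login id `b_c`. I would add to the Javadoc `* The digest prefix must be changed from its default in production; with the default value openids are predictable.`, and consider a keyed digest (HMAC-SHA256 with a deployment-specific secret) over an unambiguous encoding of the two ids.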