From c17b2444522bf14556a80c541cfb570699beb78c Mon Sep 17 00:00:00 2001
From: click33 <2393584716@qq.com>
Date: Sun, 18 Aug 2024 20:58:09 +0800
Subject: [PATCH] =?UTF-8?q?=E6=8F=90=E4=BE=9B=E9=BB=98=E8=AE=A4=20openid?=
=?UTF-8?q?=20=E7=94=9F=E6=88=90=E7=AE=97=E6=B3=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../src/main/resources/templates/index.html | 8 ++---
.../com/pj/oauth2/SaOAuth2DataLoaderImpl.java | 9 ++---
.../satoken/oauth2/config/SaOAuth2Config.java | 36 ++++++++++++++++---
.../satoken/oauth2/consts/SaOAuth2Consts.java | 4 +++
.../data/loader/SaOAuth2DataLoader.java | 25 +++++++------
5 files changed, 54 insertions(+), 28 deletions(-)
diff --git a/sa-token-demo/sa-token-demo-oauth2/sa-token-demo-oauth2-client/src/main/resources/templates/index.html b/sa-token-demo/sa-token-demo-oauth2/sa-token-demo-oauth2-client/src/main/resources/templates/index.html
index 9bcfde53..711f1a97 100644
--- a/sa-token-demo/sa-token-demo-oauth2/sa-token-demo-oauth2-client/src/main/resources/templates/index.html
+++ b/sa-token-demo/sa-token-demo-oauth2/sa-token-demo-oauth2-client/src/main/resources/templates/index.html
@@ -45,14 +45,14 @@
- 当请求链接不包含scope权限时,将无需用户手动确认,做到静默授权,当然此时我们也只能获取openid
+ 当请求链接不包含 scope 权限,或请求的 scope 近期已授权时,将无需用户手动确认,做到静默授权
http://sa-oauth-server.com:8001/oauth2/authorize?response_type=code&client_id=1001&redirect_uri=http://sa-oauth-client.com:8002/
-
+
- 当请求链接包含具体的scope权限时,将需要用户手动确认,此时我们除了openid以外还可以获取更多的资源
- http://sa-oauth-server.com:8001/oauth2/authorize?response_type=code&client_id=1001&redirect_uri=http://sa-oauth-client.com:8002/&scope=userinfo
+ 当请求链接包含具体的 scope 权限时,将需要用户手动确认,此时 OAuth-Server 会返回更多的数据
+ http://sa-oauth-server.com:8001/oauth2/authorize?response_type=code&client_id=1001&redirect_uri=http://sa-oauth-client.com:8002/&scope=openid,userid,userinfo
我们可以拿着 Refresh-Token 去刷新我们的 Access-Token,每次刷新后旧Token将作废
diff --git a/sa-token-demo/sa-token-demo-oauth2/sa-token-demo-oauth2-server/src/main/java/com/pj/oauth2/SaOAuth2DataLoaderImpl.java b/sa-token-demo/sa-token-demo-oauth2/sa-token-demo-oauth2-server/src/main/java/com/pj/oauth2/SaOAuth2DataLoaderImpl.java
index af90c631..f6ca372f 100644
--- a/sa-token-demo/sa-token-demo-oauth2/sa-token-demo-oauth2-server/src/main/java/com/pj/oauth2/SaOAuth2DataLoaderImpl.java
+++ b/sa-token-demo/sa-token-demo-oauth2/sa-token-demo-oauth2-server/src/main/java/com/pj/oauth2/SaOAuth2DataLoaderImpl.java
@@ -2,7 +2,6 @@ package com.pj.oauth2;
import cn.dev33.satoken.oauth2.data.loader.SaOAuth2DataLoader;
import cn.dev33.satoken.oauth2.data.model.loader.SaClientModel;
-import cn.dev33.satoken.secure.SaSecureUtil;
import org.springframework.stereotype.Component;
import java.util.Arrays;
@@ -24,7 +23,7 @@ public class SaOAuth2DataLoaderImpl implements SaOAuth2DataLoader {
.setClientId("1001")
.setClientSecret("aaaa-bbbb-cccc-dddd-eeee")
.setAllowUrl("*")
- .setContractScopes(Arrays.asList("userinfo", "openid"))
+ .setContractScopes(Arrays.asList("openid", "userid", "userinfo"))
.setIsAutoMode(true);
}
return null;
@@ -33,10 +32,8 @@ public class SaOAuth2DataLoaderImpl implements SaOAuth2DataLoader {
// 根据ClientId 和 LoginId 获取openid
@Override
public String getOpenid(String clientId, Object loginId) {
- // 此为模拟数据,真实环境需要从数据库查询
-// return "gr_SwoIN0MC1ewxHX_vfCW3BothWDZMMtx__";
- String prefix = "grSwoIN0MC1ewxHXvfCW3BothWDZMMtx";
- return SaSecureUtil.md5(prefix + "_" + clientId + "_" + loginId);
+ // 此处使用框架默认算法生成 openid,真实环境建议改为从数据库查询
+ return SaOAuth2DataLoader.super.getOpenid(clientId, loginId);
}
}
diff --git a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/config/SaOAuth2Config.java b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/config/SaOAuth2Config.java
index 7478d63b..192c7b15 100644
--- a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/config/SaOAuth2Config.java
+++ b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/config/SaOAuth2Config.java
@@ -15,6 +15,7 @@
*/
package cn.dev33.satoken.oauth2.config;
+import cn.dev33.satoken.oauth2.consts.SaOAuth2Consts;
import cn.dev33.satoken.oauth2.function.SaOAuth2ConfirmViewFunction;
import cn.dev33.satoken.oauth2.function.SaOAuth2DoLoginHandleFunction;
import cn.dev33.satoken.oauth2.function.SaOAuth2NotLoginViewFunction;
@@ -59,9 +60,13 @@ public class SaOAuth2Config implements Serializable {
/** Client-Token 保存的时间(单位:秒) 默认两个小时 */
public long clientTokenTimeout = 60 * 60 * 2;
- /** Past-Client-Token 保存的时间(单位:秒) 默认为 -1,代表延续 Client-Token有效期 */
+ /** Past-Client-Token 保存的时间(单位:秒) 默认为 -1,代表延续 Client-Token 有效期 */
public long pastClientTokenTimeout = -1;
+ /** 默认 openid 生成算法中使用的摘要前缀 */
+ public String openidDigestPrefix = SaOAuth2Consts.OPENID_DEFAULT_DIGEST_PREFIX;
+
+
/**
* @return isCode
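Review bot: The new `openidDigestPrefix` field defaults to the public constant `SaOAuth2Consts.OPENID_DEFAULT_DIGEST_PREFIX`, and the default `SaOAuth2DataLoader.getOpenid` in this same patch hashes `prefix + "_" + clientId + "_" + loginId` with MD5, so with the shipped default anyone who knows a clientId and a loginId can recompute the openid, and a client can test candidate loginIds against the openids it receives. Nothing in the field's Javadoc says the value must be overridden; I would document it here, e.g. `/** Digest prefix used by the default openid algorithm; replace it with a random, deployment-specific secret in production, otherwise openid is derivable from clientId and loginId. */`, and say the same at the constant in the SaOAuth2Consts hunk. Whether openid is meant to be opaque to clients in this project is an inference on my part, drawn from the demo code this patch removes, which hashed with a long random-looking prefix.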
@@ -213,13 +218,29 @@ public class SaOAuth2Config implements Serializable {
return this;
}
+ /**
+ * @return openidDigestPrefix
+ */
+ public String getOpenidDigestPrefix() {
+ return openidDigestPrefix;
+ }
+
+ /**
+ * @param openidDigestPrefix 要设置的 openidDigestPrefix
+ * @return 对象自身
+ */
+ public SaOAuth2Config setOpenidMd5Prefix(String openidDigestPrefix) {
+ this.openidDigestPrefix = openidDigestPrefix;
+ return this;
+ }
+
// -------------------- SaOAuth2Handle 所有回调函数 --------------------
/**
* OAuth-Server端:未登录时返回的View
*/
- public SaOAuth2NotLoginViewFunction notLoginView = () -> "当前会话在OAuth-Server认证中心尚未登录";
+ public SaOAuth2NotLoginViewFunction notLoginView = () -> "当前会话在 OAuth-Server 认证中心尚未登录";
/**
* OAuth-Server端:确认授权时返回的View
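Review bot: The setter added in this hunk is named `setOpenidMd5Prefix` while the field and the getter are named `openidDigestPrefix`, so the property now has a getter/setter pair under two different names. A JavaBean-style binder that fills `SaOAuth2Config` from properties by setter name would presumably not find a `setOpenidDigestPrefix` (I cannot see from here how the config object is populated). I would rename it to `public SaOAuth2Config setOpenidDigestPrefix(String openidDigestPrefix) {` and keep the Javadoc as it is.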
@@ -234,9 +255,14 @@ public class SaOAuth2Config implements Serializable {
@Override
public String toString() {
return "SaOAuth2Config [isCode=" + isCode + ", isImplicit=" + isImplicit + ", isPassword=" + isPassword
- + ", isClient=" + isClient + ", isNewRefresh=" + isNewRefresh + ", codeTimeout=" + codeTimeout
- + ", accessTokenTimeout=" + accessTokenTimeout + ", refreshTokenTimeout=" + refreshTokenTimeout
- + ", clientTokenTimeout=" + clientTokenTimeout + ", pastClientTokenTimeout=" + pastClientTokenTimeout
+ + ", isClient=" + isClient
+ + ", isNewRefresh=" + isNewRefresh
+ + ", codeTimeout=" + codeTimeout
+ + ", accessTokenTimeout=" + accessTokenTimeout
+ + ", refreshTokenTimeout=" + refreshTokenTimeout
+ + ", clientTokenTimeout=" + clientTokenTimeout
+ + ", pastClientTokenTimeout=" + pastClientTokenTimeout
+ + ", openidDigestPrefix=" + openidDigestPrefix
+"]";
}
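Review bot: `toString()` now appends `openidDigestPrefix` in clear text; if deployments set this to a secret value, which is what makes the default openid non-derivable, any place that logs or prints the config object will expose it. The other fields in this method are timeouts and flags, so only this one needs care: I would mask it, e.g. `+ ", openidDigestPrefix=" + (openidDigestPrefix == null ? "null" : "******")`, or leave it out of the string entirely.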
diff --git a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/consts/SaOAuth2Consts.java b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/consts/SaOAuth2Consts.java
index 6337cefc..a6e104c4 100644
--- a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/consts/SaOAuth2Consts.java
+++ b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/consts/SaOAuth2Consts.java
@@ -102,6 +102,10 @@ public class SaOAuth2Consts {
public static String id_token = "id_token";
}
+
+ /** 默认 openid 生成算法中使用的前缀 */
+ public static final String OPENID_DEFAULT_DIGEST_PREFIX = "openid_default_digest_prefix";
+
/** 表示OK的返回结果 */
public static final String OK = "ok";
diff --git a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/loader/SaOAuth2DataLoader.java b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/loader/SaOAuth2DataLoader.java
index 4e262395..df6dece3 100644
--- a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/loader/SaOAuth2DataLoader.java
+++ b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/loader/SaOAuth2DataLoader.java
@@ -15,8 +15,10 @@
*/
package cn.dev33.satoken.oauth2.data.loader;
+import cn.dev33.satoken.oauth2.SaOAuth2Manager;
import cn.dev33.satoken.oauth2.data.model.loader.SaClientModel;
import cn.dev33.satoken.oauth2.exception.SaOAuth2Exception;
+import cn.dev33.satoken.secure.SaSecureUtil;
/**
* Sa-Token OAuth2 数据加载器
@@ -36,18 +38,6 @@ public interface SaOAuth2DataLoader {
return null;
}
- /**
- * 根据ClientId 和 LoginId 获取openid
- *
- * @param clientId 应用id
- * @param loginId 账号id
- * @return 此账号在此Client下的openid
- */
- default String getOpenid(String clientId, Object loginId) {
- return null;
- }
-
-
/**
* 根据 id 获取 Client 信息,不允许为 null
*
@@ -62,6 +52,15 @@ public interface SaOAuth2DataLoader {
return clientModel;
}
-
+ /**
+ * 根据ClientId 和 LoginId 获取openid
+ *
+ * @param clientId 应用id
+ * @param loginId 账号id
+ * @return 此账号在此Client下的openid
+ */
+ default String getOpenid(String clientId, Object loginId) {
+ return SaSecureUtil.md5(SaOAuth2Manager.getConfig().getOpenidDigestPrefix() + "_" + clientId + "_" + loginId);
+ }
}
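Review bot: In the new default `getOpenid`, the digest input `prefix + "_" + clientId + "_" + loginId` uses an ambiguous separator: `clientId` is a free-form `String`, so a clientId containing `_` can yield the same input as a different (clientId, loginId) pair, giving two accounts or two clients the same openid. If clientIds in this project never contain `_` that is moot, but nothing in the interface enforces it; hashing the parts with a length-prefixed encoding, or hashing each part separately before combining, removes the ambiguity. The Javadoc should also state that the result is deterministic in the configured prefix, so changing `openidDigestPrefix` after go-live changes every issued openid.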