feat:【system 系统管理】oauth2 支持 ClientCredentials 模式
This commit is contained in:
parent
e83834079e
commit
98ed800945
@ -35,6 +35,14 @@ tenant-id: {{adminTenantId}}
|
|||||||
|
|
||||||
grant_type=password&username=admin&password=admin123&scope=user.read
|
grant_type=password&username=admin&password=admin123&scope=user.read
|
||||||
|
|
||||||
|
### 请求 /system/oauth2/token + client_credentials 接口 => 成功
|
||||||
|
POST {{baseUrl}}/system/oauth2/token
|
||||||
|
Content-Type: application/x-www-form-urlencoded
|
||||||
|
Authorization: Basic ZGVmYXVsdDphZG1pbjEyMw==
|
||||||
|
tenant-id: {{adminTenantId}}
|
||||||
|
|
||||||
|
grant_type=client_credentials&scope=user.read
|
||||||
|
|
||||||
### 请求 /system/oauth2/token + refresh_token 接口 => 成功
|
### 请求 /system/oauth2/token + refresh_token 接口 => 成功
|
||||||
POST {{baseUrl}}/system/oauth2/token
|
POST {{baseUrl}}/system/oauth2/token
|
||||||
Content-Type: application/x-www-form-urlencoded
|
Content-Type: application/x-www-form-urlencoded
|
||||||
|
|||||||
@ -94,6 +94,7 @@ public class OAuth2OpenController {
|
|||||||
@Parameter(name = "scope", example = "user_info"),
|
@Parameter(name = "scope", example = "user_info"),
|
||||||
@Parameter(name = "refresh_token", example = "123424233"),
|
@Parameter(name = "refresh_token", example = "123424233"),
|
||||||
})
|
})
|
||||||
|
@SuppressWarnings("EnhancedSwitchMigration")
|
||||||
public CommonResult<OAuth2OpenAccessTokenRespVO> postAccessToken(HttpServletRequest request,
|
public CommonResult<OAuth2OpenAccessTokenRespVO> postAccessToken(HttpServletRequest request,
|
||||||
@RequestParam("grant_type") String grantType,
|
@RequestParam("grant_type") String grantType,
|
||||||
@RequestParam(value = "code", required = false) String code, // 授权码模式
|
@RequestParam(value = "code", required = false) String code, // 授权码模式
|
||||||
@ -119,15 +120,23 @@ public class OAuth2OpenController {
|
|||||||
grantType, scopes, redirectUri);
|
grantType, scopes, redirectUri);
|
||||||
|
|
||||||
// 2. 根据授权模式,获取访问令牌
|
// 2. 根据授权模式,获取访问令牌
|
||||||
OAuth2AccessTokenDO accessTokenDO = switch (grantTypeEnum) {
|
OAuth2AccessTokenDO accessTokenDO;
|
||||||
// TODO @xingyu:这里改了,可能会影响 jdk8 版本哈;
|
switch (grantTypeEnum) {
|
||||||
case AUTHORIZATION_CODE ->
|
case AUTHORIZATION_CODE:
|
||||||
oauth2GrantService.grantAuthorizationCodeForAccessToken(client.getClientId(), code, redirectUri, state);
|
accessTokenDO = oauth2GrantService.grantAuthorizationCodeForAccessToken(client.getClientId(), code, redirectUri, state);
|
||||||
case PASSWORD -> oauth2GrantService.grantPassword(username, password, client.getClientId(), scopes);
|
break;
|
||||||
case CLIENT_CREDENTIALS -> oauth2GrantService.grantClientCredentials(client.getClientId(), scopes);
|
case PASSWORD:
|
||||||
case REFRESH_TOKEN -> oauth2GrantService.grantRefreshToken(refreshToken, client.getClientId());
|
accessTokenDO = oauth2GrantService.grantPassword(username, password, client.getClientId(), scopes);
|
||||||
default -> throw new IllegalArgumentException("未知授权类型:" + grantType);
|
break;
|
||||||
};
|
case CLIENT_CREDENTIALS:
|
||||||
|
accessTokenDO = oauth2GrantService.grantClientCredentials(client.getClientId(), scopes);
|
||||||
|
break;
|
||||||
|
case REFRESH_TOKEN:
|
||||||
|
accessTokenDO = oauth2GrantService.grantRefreshToken(refreshToken, client.getClientId());
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
throw new IllegalArgumentException("未知授权类型:" + grantType);
|
||||||
|
}
|
||||||
Assert.notNull(accessTokenDO, "访问令牌不能为空"); // 防御性检查
|
Assert.notNull(accessTokenDO, "访问令牌不能为空"); // 防御性检查
|
||||||
return success(OAuth2OpenConvert.INSTANCE.convert(accessTokenDO));
|
return success(OAuth2OpenConvert.INSTANCE.convert(accessTokenDO));
|
||||||
}
|
}
|
||||||
|
|||||||
@ -86,8 +86,8 @@ public class OAuth2GrantServiceImpl implements OAuth2GrantService {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public OAuth2AccessTokenDO grantClientCredentials(String clientId, List<String> scopes) {
|
public OAuth2AccessTokenDO grantClientCredentials(String clientId, List<String> scopes) {
|
||||||
// TODO 芋艿:项目中使用 OAuth2 解决的是三方应用的授权,内部的 SSO 等问题,所以暂时不考虑 client_credentials 这个场景
|
// 特殊:https://yuanbao.tencent.com/bot/app/share/chat/wFj642xSZHHx
|
||||||
throw new UnsupportedOperationException("暂时不支持 client_credentials 授权模式");
|
return oauth2TokenService.createAccessToken(0L, UserTypeEnum.ADMIN.getValue(), clientId, scopes);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|||||||
@ -197,6 +197,9 @@ public class OAuth2TokenServiceImpl implements OAuth2TokenService {
|
|||||||
* @return 用户信息
|
* @return 用户信息
|
||||||
*/
|
*/
|
||||||
private Map<String, String> buildUserInfo(Long userId, Integer userType) {
|
private Map<String, String> buildUserInfo(Long userId, Integer userType) {
|
||||||
|
if (userId == null || userId <= 0) {
|
||||||
|
return Collections.emptyMap();
|
||||||
|
}
|
||||||
if (userType.equals(UserTypeEnum.ADMIN.getValue())) {
|
if (userType.equals(UserTypeEnum.ADMIN.getValue())) {
|
||||||
AdminUserDO user = adminUserService.getUser(userId);
|
AdminUserDO user = adminUserService.getUser(userId);
|
||||||
return MapUtil.builder(LoginUser.INFO_KEY_NICKNAME, user.getNickname())
|
return MapUtil.builder(LoginUser.INFO_KEY_NICKNAME, user.getNickname())
|
||||||
@ -205,7 +208,7 @@ public class OAuth2TokenServiceImpl implements OAuth2TokenService {
|
|||||||
// 注意:目前 Member 暂时不读取,可以按需实现
|
// 注意:目前 Member 暂时不读取,可以按需实现
|
||||||
return Collections.emptyMap();
|
return Collections.emptyMap();
|
||||||
}
|
}
|
||||||
return null;
|
throw new IllegalArgumentException("未知用户类型:" + userType);
|
||||||
}
|
}
|
||||||
|
|
||||||
private static String generateAccessToken() {
|
private static String generateAccessToken() {
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user