Spring Security 5.x Invalid Authorization Grant Type (password) for Client Registration with Id: reader
阿新 • • 發佈:2020-12-27
客戶端授權模式配置
authorizationGrantType: password
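預設的授權請求解析器(DefaultOAuth2AuthorizationRequestResolver)不支援 password 模式,只支援 AUTHORIZATION_CODE 和 IMPLICIT。這個解析器負責組出重新導向到授權端點的請求(authorizationUri、redirectUri、state),而 password 模式不經過這個重新導向流程,所以配置成 password 的客戶端一進到這裡就會拋出標題中的 IllegalArgumentException;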
原始碼如下
DefaultOAuth2AuthorizationRequestResolver
/**
 * Builds the redirect-based authorization request for one client registration.
 *
 * <p>Only the two grant types that start with a redirect to the provider's
 * authorization endpoint are handled here: {@code AUTHORIZATION_CODE} and
 * {@code IMPLICIT}. Any other configured grant type (for example
 * {@code password}) is rejected with an {@link IllegalArgumentException},
 * which is the "Invalid Authorization Grant Type (...)" error.
 *
 * @param request the current servlet request, passed on to {@code expandRedirectUri}
 * @param registrationId id of the client registration to look up; may be {@code null}
 * @param redirectUriAction action value passed on to {@code expandRedirectUri}
 * @return the authorization request, or {@code null} when {@code registrationId} is {@code null}
 * @throws IllegalArgumentException if no registration exists for the id, or if the
 *         registration's grant type is neither authorization code nor implicit
 */
private OAuth2AuthorizationRequest resolve(HttpServletRequest request, String registrationId, String redirectUriAction) {
    if (registrationId == null) {
        return null;
    }

    ClientRegistration registration = this.clientRegistrationRepository.findByRegistrationId(registrationId);
    if (registration == null) {
        throw new IllegalArgumentException("Invalid Client Registration with Id: " + registrationId);
    }

    // Attributes are attached to the request object that is built below.
    Map<String, Object> requestAttributes = new HashMap<>();
    requestAttributes.put("registration_id", registration.getRegistrationId());

    AuthorizationGrantType grantType = registration.getAuthorizationGrantType();
    Builder requestBuilder;
    if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(grantType)) {
        requestBuilder = OAuth2AuthorizationRequest.authorizationCode();
        Map<String, Object> extraParameters = new HashMap<>();

        // Nonce parameters are added only when the "openid" scope is requested.
        boolean requestsOpenId = !CollectionUtils.isEmpty(registration.getScopes())
                && registration.getScopes().contains("openid");
        if (requestsOpenId) {
            this.addNonceParameters(requestAttributes, extraParameters);
        }

        // PKCE parameters are added when the client has no authentication
        // method (NONE), i.e. it cannot present a client secret.
        if (ClientAuthenticationMethod.NONE.equals(registration.getClientAuthenticationMethod())) {
            this.addPkceParameters(requestAttributes, extraParameters);
        }

        requestBuilder.additionalParameters(extraParameters);
    } else if (AuthorizationGrantType.IMPLICIT.equals(grantType)) {
        requestBuilder = OAuth2AuthorizationRequest.implicit();
    } else {
        // Grant types without a redirect step (password, client credentials, ...)
        // end up here; this resolver has no request to build for them.
        throw new IllegalArgumentException("Invalid Authorization Grant Type (" + registration.getAuthorizationGrantType().getValue() + ") for Client Registration with Id: " + registration.getRegistrationId());
    }

    String expandedRedirectUri = expandRedirectUri(request, registration, redirectUriAction);

    // A new state value is taken from stateGenerator on every call.
    return requestBuilder
            .clientId(registration.getClientId())
            .authorizationUri(registration.getProviderDetails().getAuthorizationUri())
            .redirectUri(expandedRedirectUri)
            .scopes(registration.getScopes())
            .state(this.stateGenerator.generateKey())
            .attributes(requestAttributes)
            .build();
}