大约 2 分钟
参考代码
Spring Boot Oauth2-master
数据库脚本在项目中 Oauth2 支持的授权方式目前有 5 类
| GRANT_TYPE | Description |
|---|---|
| authorization_code | 授权码模式(即先登录获取 code,再获取 token) [最常用] |
| password | 密码模式(将用户名、密码传过去,直接获取 token) [适用于移动设备] |
| client_credentials | 客户端模式(无用户,用户向客户端注册,然后客户端以自己的名义向'服务端'获取资源) |
| implicit | 简化模式(在 redirect_uri 的 Hash 传递 token,客户端运行在浏览器中,如 JS、Flash) |
| refresh_token | 更新 access_token |
| 调试参数文档 | 点击调试参数文档 可直接调试--强烈建议点开,里面参数好的文档和接口参数 |
1. authorization_code
- 使用浏览器复制下面链接->申请 code
http://localhost:9000/oauth/authorize?response_type=code&scope=read write&client_id=book&redirect_uri=http://www.baidu.com&state=b375bc2b-25f7-4dce-9b36-5f9e2d20bda1
- 进入权限选择页面登录 用户名 wang 密码 wang
- 是否允许
- 返回 code
- 登录后返回 code 码用来获取 token
http://www.baidu.com/?code=kG4F2N&state=b375bc2b-25f7-4dce-9b36-5f9e2d20bda1
- 得到 code 码 作为参数,申请 access_token(post 请求)
http://localhost:9000/oauth/token?client_id=book&client_secret=book&grant_type=authorization_code&code=nFXYw1&redirect_uri=http://www.baidu.com
- 返回 access_token
{"access_token":"30626e87-761f-410c-9497-84b29d310dd7","token_type":"bearer","refresh_token":"0843fbec-20e3-4802-93a0-357488403924","expires_in":29,"scope":"read write"}
- 请求资源
curl http://localhost:8000/book/classical -H "Authorization: Bearer 30626e87-761f-410c-9497-84b29d310dd7"
2. password
- 申请 access_token
curl -X POST http://localhost:9000/oauth/token -H "Accept: application/json" -d "grant_type=password&scope=read%20write&client_id=curl-client&client_secret=client-secret&username=nangzi&password=nangzi"
- 返回 access_token
{"access_token":"9ac3fe0f-f380-4149-8fca-19a72374365d","token_type":"bearer","refresh_token":"0843fbec-20e3-4802-93a0-357488403924","expires_in":29,"scope":"read write"}
- 请求资源
curl http://localhost:8000/book/classical-H "Authorization: Bearer 9ac3fe0f-f380-4149-8fca-19a72374365d"
3. client_credentials
- 申请 access_token
curl -X POST http://localhost:9000/oauth/token -H "Accept: application/json" -d "grant_type=client_credentials&scope=read%20write&client_id=curl-client&client_secret=client-secret"
- 返回 access_token
{"access_token":"904953fc-f446-49f3-9258-06d0f6cfba5b","token_type":"bearer","expires_in":29,"scope":"read write"}
- 请求资源
curl http://localhost:8000/book/classical -H "Authorization: Bearer 904953fc-f446-49f3-9258-06d0f6cfba5b"
4. implicit
是否需要登录待确认
- 请求 access_token
http://localhost:9000/oauth/authorize?response_type=token&scope=read write&client_id=book&client_secret=book&redirect_uri=http://www.baidu.com&state=b375bc2b-25f7-4dce-9b36-5f9e2d20bda1
- 登录
- 是否允许
- 返回 access_token
http://www.baidu.com/#access_token=aa7779b0-b98e-4739-b0d7-922a811ed134&token_type=bearer&state=b375bc2b-25f7-4dce-9b36-5f9e2d20bda1&expires_in=29
- 请求资源
curl http://localhost:8000/book/classical -H "Authorization: Bearer aa7779b0-b98e-4739-b0d7-922a811ed134"
5. refresh_token
- 请求 refresh_token
curl -X POST http://localhost:9000/oauth/token -H "Accept: application/json" -d "grant_type=refresh_token&refresh_token=0843fbec-20e3-4802-93a0-357488403924&client_id=curl-client&client_secret=client-secret"
- 返回 access_token
{"access_token":"6aa17ed5-e684-4dfa-90a8-61b2ad7c7615","token_type":"bearer","refresh_token":"0843fbec-20e3-4802-93a0-357488403924","expires_in":29,"scope":"read write"}
- 请求资源
curl http://localhost:8000/book/classical -H "Authorization: Bearer 6aa17ed5-e684-4dfa-90a8-61b2ad7c7615"