
How to register applications with OAuth2.0 in SpringBootSecurity

2025-06-20 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/02 Report--

This article explains how to register an application for OAuth2.0 in SpringBootSecurity, covering the registration itself and the state parameter used when requesting an authorization code.

Application registration

An application that needs OAuth authorization must first register with the other party's website so that the site knows who is making the request. For example, here is the registration page for GitHub:

https://github.com/settings/applications/new

Let's build a simple application registration ourselves. Based on the structure of the oauth_client_details table, the user only needs to enter the application name and callback address when registering. The other fields are filled in as follows:

client_id: generated with UUID

client_secret: generated with UUID and encrypted with BCryptPasswordEncoder

scope: defaults to all

authorized_grant_types: three by default: authorization_code, password, refresh_token

Here is the SQL statement:

Methods in Service:

Interface definition:

Let's test the interface:

The expected client id and secret key are returned. Take a look at the database:

Now we can use the newly registered application to request tokens:

http://localhost:8029/oauth/authorize?client_id=52f301a86511406ba5b4fbb4809614b0&response_type=code&redirect_uri=http://localhost:8029/

Token request result:

The state parameter

To prevent CSRF attacks, the client can add a state parameter when requesting the authorization code. Its value is a random string generated by the client. The authorization server returns the parameter and its value unchanged, so the client can compare the returned string with the one it sent when the user comes back with the authorization response. For example:

http://localhost:8029/oauth/authorize?client_id=52f301a86511406ba5b4fbb4809614b0&response_type=code&redirect_uri=http://localhost:8029/&state=123456789

The returned result is as follows:

If the value that comes back is not the same as the value that was sent, the request can be considered illegitimate.
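The state check described above, as an added example that is not part of the original article: the client generates an unpredictable value instead of a fixed one such as 123456789, ties it to the user's session, and accepts the callback only if the returned value matches. The Map standing in for the HTTP session, the class name and the key name oauth2_state are assumptions; the URL and client_id are the ones used on this page.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

// Added example: client-side handling of the OAuth2 "state" parameter (Java 10+).
// The Map stands in for the user's server-side HTTP session (assumption).
public class StateParamDemo {
    private static final SecureRandom RNG = new SecureRandom();
    private static final String SESSION_KEY = "oauth2_state"; // hypothetical key name

    // Before redirecting to /oauth/authorize: create a random state and remember it.
    static String buildAuthorizeUrl(Map<String, String> session, String clientId, String redirectUri) {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        String state = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        session.put(SESSION_KEY, state);
        return "http://localhost:8029/oauth/authorize?client_id=" + clientId
                + "&response_type=code&redirect_uri=" + URLEncoder.encode(redirectUri, StandardCharsets.UTF_8)
                + "&state=" + state;
    }

    // On the callback: accept the authorization code only if the returned state matches.
    static boolean isStateValid(Map<String, String> session, String returnedState) {
        String expected = session.remove(SESSION_KEY); // single use: consumed on first check
        if (expected == null || returnedState == null) {
            return false; // no pending authorization request, or state missing from callback
        }
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                returnedState.getBytes(StandardCharsets.UTF_8)); // constant-time comparison
    }

    public static void main(String[] args) {
        Map<String, String> session = new HashMap<>();
        String clientId = "52f301a86511406ba5b4fbb4809614b0";
        String url = buildAuthorizeUrl(session, clientId, "http://localhost:8029/");
        String sent = url.substring(url.indexOf("&state=") + 7);
        System.out.println("matching state: " + isStateValid(session, sent));
        System.out.println("same state replayed: " + isStateValid(session, sent));
        buildAuthorizeUrl(session, clientId, "http://localhost:8029/");
        System.out.println("mismatched state: " + isStateValid(session, "123456789"));
    }
}
```

Only the first check passes: the replayed value fails because the stored state is removed on first use, and the fixed value fails because it does not match the one bound to the session.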

That is how to register an application for OAuth2.0 in SpringBootSecurity. If you have run into similar questions, the analysis above may serve as a reference.
