springboot2 oauth2授权重定向匹配版本问题

"At least one redirect_uri must be registered with the client"

  • 从springboot1.x升到2.x 出现如下异常:
  • 原因: `DefaultRedirectResolver.resolveRedirect`
    • springboot 1.x
    • springboot 2.X
      • 解决方法

从springboot1.x升到2.x 出现如下异常:

OAuth Error
error="invalid_request", error_description="At least one redirect_uri must be registered with the client."

原因: DefaultRedirectResolver.resolveRedirect

springboot 1.x

    public String resolveRedirect(String requestedRedirect, ClientDetails client) throws OAuth2Exception {
        Set authorizedGrantTypes = client.getAuthorizedGrantTypes();
        if (authorizedGrantTypes.isEmpty()) {
            throw new InvalidGrantException("A client must have at least one authorized grant type.");
        } else if (!this.containsRedirectGrantType(authorizedGrantTypes)) {
            throw new InvalidGrantException("A redirect_uri can only be used by implicit or authorization_code grant types.");
        } else {
            Set redirectUris = client.getRegisteredRedirectUri();
            if (redirectUris != null && !redirectUris.isEmpty()) {
                return this.obtainMatchingRedirect(redirectUris, requestedRedirect);
                //为空返回当前URL地址
            } else if (StringUtils.hasText(requestedRedirect)) {	
                return requestedRedirect;
            } else {
                throw new InvalidRequestException("A redirect_uri must be supplied.");
            }
        }
    }

springboot 2.X

	public String resolveRedirect(String requestedRedirect, ClientDetails client) throws OAuth2Exception {

		Set authorizedGrantTypes = client.getAuthorizedGrantTypes();
		if (authorizedGrantTypes.isEmpty()) {
			throw new InvalidGrantException("A client must have at least one authorized grant type.");
		}
		if (!containsRedirectGrantType(authorizedGrantTypes)) {
			throw new InvalidGrantException(
					"A redirect_uri can only be used by implicit or authorization_code grant types.");
		}

		Set registeredRedirectUris = client.getRegisteredRedirectUri();
		//为空未抛出异常
		if (registeredRedirectUris == null || registeredRedirectUris.isEmpty()) {
			throw new InvalidRequestException("At least one redirect_uri must be registered with the client.");
		}
		return obtainMatchingRedirect(registeredRedirectUris, requestedRedirect);
	}

解决方法

1、修改包为2.1.0.RELEASE及以下

		
            org.springframework.security.oauth
            spring-security-oauth2
            2.1.0.RELEASE
        

2、接口ClientDetails.class的子类 覆盖方法 getRegisteredRedirectUri()

		org.springframework.security.oauth2.provider.client.BaseClientDetails
        baseClientDetails.setClientId("1111111111111");
        baseClientDetails.setClientSecret("2222222222");
        Set redirectUri = new HashSet<>(1);
        redirectUri.add("http://www.baidu.com");
        baseClientDetails.setRegisteredRedirectUri(redirectUri);

你可能感兴趣的:(踩过的坑,At,least,one,redirect_uri,must,be,r)