Module

模块 描述
spring-security-oauth2-core OAuth2 授权框架 + OIDC 核心数据结构及接口
spring-security-oauth2-jose 支持 JOSE 协议组
JWT: JSON Web Token
JWS: JSON Web Signature
JWE: JSON Web Encryption
JWK: JSON Web Key
spring-security-oauth2-client 支持 OAuth2OIDC 的客户端

Register application

callback: /login/oauth2/code/github

image-20221119205050210

Config

callback template: {baseUrl}/login/oauth2/code/{registrationId}

1
2
3
4
5
6
7
8
9
10
server:
  port: 9000
spring:
  security:
    oauth2:
      client:
        registration:
          github: # registrationId
            clientId: 0722018ad9600fd8561a
            clientSecret: *****9729110a

Controller

1
2
3
4
5
6
7
8
9
@RestController
public class HelloController {

  @GetMapping("/hello")
  public String hello(Principal principal) {
    // Principal 由 Spring Security 自动注入,代表当前登录用户
    return "hello " + principal.getName();
  }
}

Flow

image-20221119211443062

image-20221119211510307

image-20221119213727103

image-20221119213746837

Traffic

重定向到本站点的 oauth2/authorization/github

image-20221119211742768

构造授权 URL,重定向到授权服务器(Github)

image-20221119211942673

image-20221119212407283

用户授权后回调

image-20221119212522656

image-20221119212600445

Reference

  1. 微服务架构实战 160 讲