|
|
|
|
最后更新:2021-11-20
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
从v2.1.x版本开始,推荐使用 admin账号登录系统后在界面进行测试。
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
方式1:基于浏览器 (访问时后跳到登录页面,登录成功后跳转到redirect_uri指定的地址) [GET]
|
|
|
|
|
说明:只能使用admin或unity 账号登录才能有权限访问,若使用mobile账号登录将返回Access is denied
|
|
|
|
|
http://localhost:8080/oauth/authorize?client_id=unity-client&redirect_uri=http%3a%2f%2flocalhost%3a8080%2funity%2fdashboard&response_type=code&scope=read
|
|
|
|
|
|
|
|
|
|
说明: 由于mobile-client只支持password,refresh_token, 所以不管用哪个账号登录后都将返回 OAuth Error
|
|
|
|
|
http://localhost:8080/oauth/authorize?client_id=mobile-client&redirect_uri=http%3a%2f%2flocalhost%3a8080%2fm%2fdashboard&response_type=code&scope=read
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
响应的URL如:
|
|
|
|
|
http://localhost:8080/unity/dashboard?code=hGQ8qx
|
|
|
|
|
|
|
|
|
|
通过code换取access_token [POST] (注意:这一步用httpclient在程序中调用,不要在浏览器中)
|
|
|
|
|
http://localhost:8080/oauth/token?client_id=unity-client&client_secret=unity&grant_type=authorization_code&code=hGQ8qx&redirect_uri=http%3a%2f%2flocalhost%3a8080%2funity%2fdashboard
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
方式2:基于客户端 (注意参数中的username,password,对应用户的账号,密码) [POST] (注意:这一步用httpclient在程序中调用,不要在浏览器中)
|
|
|
|
|
http://localhost:8080/oauth/token?client_id=mobile-client&client_secret=mobile&grant_type=password&scope=read&username=mobile&password=mobile
|
|
|
|
|
|
|
|
|
|
说明:由于unity-client不支持password,所以若用unity-client通过password方式去授权,将返回 invalid_client
|
|
|
|
|
http://localhost:8080/oauth/token?client_id=unity-client&client_secret=unity&grant_type=password&scope=read&username=mobile&password=mobile
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
获取access_token响应的数据如:
|
|
|
|
|
{"access_token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic29zLXJlc291cmNlIl0sImdyYW50X3R5cGUiOiJhdXRob3JpemF0aW9uX2NvZGUiLCJ1c2VyX25hbWUiOiJhZG1pbiIsInNjb3BlIjpbInJlYWQiXSwiZXhwIjoxNjM3NDY0NTY3LCJhdXRob3JpdGllcyI6WyJST0xFX01PQklMRSIsIlJPTEVfQURNSU4iLCJST0xFX1VTRVIiLCJST0xFX1VOSVRZIl0sImp0aSI6IjBkOWRjN2M2LTJlODEtNDE3MS1iZjg2LWU1MzE2YmJhN2VmYiIsImNsaWVudF9pZCI6InVuaXR5LWNsaWVudCJ9._Jy_h_KIlK-eWWs1EH6_sdjhSon2QlX3dQrh4BZcx3k","token_type":"bearer","refresh_token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic29zLXJlc291cmNlIl0sImdyYW50X3R5cGUiOiJhdXRob3JpemF0aW9uX2NvZGUiLCJ1c2VyX25hbWUiOiJhZG1pbiIsInNjb3BlIjpbInJlYWQiXSwiYXRpIjoiMGQ5ZGM3YzYtMmU4MS00MTcxLWJmODYtZTUzMTZiYmE3ZWZiIiwiZXhwIjoxNjQwMDEzMzY3LCJhdXRob3JpdGllcyI6WyJST0xFX01PQklMRSIsIlJPTEVfQURNSU4iLCJST0xFX1VTRVIiLCJST0xFX1VOSVRZIl0sImp0aSI6IjZlNDAwODI5LTM2NmEtNGNjZi1hMTI4LWJkNmQzZjdkNTk3NSIsImNsaWVudF9pZCI6InVuaXR5LWNsaWVudCJ9.dTo_hC7vm54NNySEEexzPld6uFypAzI0McyjXH-ucG0","expires_in":43199,"scope":"read","jti":"0d9dc7c6-2e81-4171-bf86-e5316bba7efb"}
|
|
|
|
|
|
|
|
|
|
获取access_token后访问资源 [GET]
|
|
|
|
|
http://localhost:8080/unity/dashboard?access_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic29...
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
刷新access_token [POST] (注意:这一步用httpclient在程序中调用,不要在浏览器中)
|
|
|
|
|
http://localhost:8080/oauth/token?client_id=mobile-client&client_secret=mobile&grant_type=refresh_token&refresh_token=b36f4978-a172-4aa8-af89-60f58abe3ba1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Restful OAuth2 Test [POST] (注意:这一步用httpclient在程序中调用,不要在浏览器中)
|
|
|
|
|
URL: /oauth/rest_token
|
|
|
|
|
ContentType: application/json
|
|
|
|
|
|
|
|
|
|
DEMO URL: http://localhost:8080/oauth2/rest_token
|
|
|
|
|
Request Body:
|
|
|
|
|
{"grant_type":"client_credentials","scope":"read","client_id":"credentials","client_secret":"credentials","username":"user","password":"123"}
|
|
|
|
|
|
|
|
|
|
Response Body:
|
|
|
|
|
{
|
|
|
|
|
"access_token": "cd165ebc-562d-45df-8488-9f1ba947553e",
|
|
|
|
|
"token_type": "bearer",
|
|
|
|
|
"expires_in": 43193,
|
|
|
|
|
"scope": "read"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
更多的测试请访问
|
|
|
|
|
https://gitee.com/mkk/spring-oauth-client
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
------------------------------------------------------------------------------------------------
|
|
|
|
|
grant_type(授权方式)
|
|
|
|
|
1.authorization_code 授权码模式(即先登录获取code,再获取token)
|
|
|
|
|
2.password 密码模式(将用户名,密码传过去,直接获取token)
|
|
|
|
|
3.refresh_token 刷新token
|
|
|
|
|
4.implicit 简化模式(在redirect_uri 的Hash传递token; Auth客户端运行在浏览器中,如JS,Flash)
|
|
|
|
|
5.client_credentials 客户端模式(无用户,用户向客户端注册,然后客户端以自己的名义向'服务端'获取资源)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
scope
|
|
|
|
|
1.read
|
|
|
|
|
2.write
|
|
|
|
|
3.trust
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
------------------------------------------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
Resource API
|
|
|
|
|
Use it get resource-server resources after auth successful. will use it in <spring-oauth-client> project.
|
|
|
|
|
(retrieve current logged user information)
|
|
|
|
|
|
|
|
|
|
[ROLE_UNITY]
|
|
|
|
|
http://localhost:8080/unity/user_info?access_token=b03b99a1-f128-4d6e-b9d3-38a0ebcab5ef
|
|
|
|
|
Response JSON
|
|
|
|
|
{"archived":false,"email":"unity@wdcy.cc","guid":"55b713df1c6f423e842ad68668523c49","phone":"","privileges":["UNITY"],"username":"unity"}
|
|
|
|
|
|
|
|
|
|
[ROLE_MOBILE]
|
|
|
|
|
http://localhost:8080/m/user_info?access_token=20837fa5-a0a1-4c76-9083-1f0e47ca0208
|
|
|
|
|
Response JSON
|
|
|
|
|
{"archived":false,"email":"mobile@wdcy.cc","guid":"612025cb3f964a64a48bbdf77e53c2c1","phone":"","privileges":["MOBILE"],"username":"mobile"}
|
|
|
|
|
|