JWT_BEARER flow

others/oauth2.1-flow.md

@@ -201,6 +201,7 @@ or [400]
 
 
 
+
 ## revoke token API
 Core-Class: OAuth2TokenRevocationEndpointFilter
 
@@ -273,6 +274,8 @@ https://springdoc.cn/spring-authorization-server/index.html
 
 https://developer.aliyun.com/article/1050110
 
+[jwt-bearer] https://developer.atlassian.com/cloud/jira/software/user-impersonation-for-connect-apps/
+
 在线PKCE生成工具
 1. PKCEUtils.java
 2. https://tonyxu-io.github.io/pkce-generator/

src/main/java/com/monkeyk/sos/service/dto/ClientSettingsDto.java

@@ -3,6 +3,7 @@ package com.monkeyk.sos.service.dto;
 import com.monkeyk.sos.infrastructure.SettingsUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.security.oauth2.jose.jws.JwsAlgorithm;
+import org.springframework.security.oauth2.jose.jws.MacAlgorithm;
 import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
 import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
 
@@ -72,8 +73,13 @@ public class ClientSettingsDto implements Serializable {
     public ClientSettings toSettings() {
         ClientSettings.Builder builder = ClientSettings.builder()
                 .requireProofKey(requireProofKey)
-                .requireAuthorizationConsent(requireAuthorizationConsent)
-                .tokenEndpointAuthenticationSigningAlgorithm(SignatureAlgorithm.valueOf(tokenEndpointAuthenticationSigningAlgorithm));
+                .requireAuthorizationConsent(requireAuthorizationConsent);
+        //区分不同算法:对称/非对称
+        if (tokenEndpointAuthenticationSigningAlgorithm.startsWith("HS")) {
+            builder.tokenEndpointAuthenticationSigningAlgorithm(MacAlgorithm.valueOf(tokenEndpointAuthenticationSigningAlgorithm));
+        } else {
+            builder.tokenEndpointAuthenticationSigningAlgorithm(SignatureAlgorithm.valueOf(tokenEndpointAuthenticationSigningAlgorithm));
+        }
         if (StringUtils.isNotBlank(jwkSetUrl)) {
             builder.jwkSetUrl(jwkSetUrl);
         }