使用grant_type=authorization_code 方式来获取access_token, 需要先获取code
+ +
+ 请求URI: /oauth/token POST
+
| 参数名 | +参数值 | +必须? | +备注 | +
|---|---|---|---|
| client_id | +{client_id} | +是 | ++ |
| client_secret | +{client_secret} | +是 | ++ |
| grant_type | +authorization_code | +是 | +固定值 | +
| code | +{code} | +是 | ++ |
| redirect_uri | +{redirect_uri} | +是 | ++ |
+ http://localhost:8080/spring-oauth-server/oauth/token?client_id=unity-client&client_secret=unity&grant_type=authorization_code&code=[code]&redirect_uri=[redirect_uri]
+
+ 正常 [200]
+
+ {"access_token":"2c612eb7-a22b-45f0-8b2e-cd6f9e366772","token_type":"bearer","refresh_token":"6c984bdc-01c7-486f-93bf-5637990d8a37","expires_in":43199,"scope":"read
+ write"}
+
+
+ 异常 [401]
+
+ {"error":"invalid_grant","error_description":"Invalid authorization code: vzmIh1"}
+
+
使用grant_type=client_credentials 方式来获取access_token, 不需要username, password
+ +
+ 请求URI: /oauth/token POST
+
| 参数名 | +参数值 | +必须? | +备注 | +
|---|---|---|---|
| client_id | +{client_id} | +是 | ++ |
| client_secret | +{client_secret} | +是 | ++ |
| grant_type | +client_credentials | +是 | +固定值 | +
| scope | +{scope} | +是 | +read or write | +
+ http://localhost:8080/spring-oauth-server/oauth/token?client_id=test1234&client_secret=test1234&grant_type=client_credentials&scope=read
+
+ 正常 [200]
+
+ {"access_token":"e5ea7620-5459-4d53-a7a0-6888bbb76f62","token_type":"bearer","expires_in":43199,"scope":"read"}
+
+
+ 异常 [401]
+
+ <oauth><error_description>Bad client credentials</error_description><error>invalid_client</error></oauth>
+
+
Restful API 获取access_token, + 适用于grant_type为authorization_code,password,refresh_token,client_credentials
+ +
+ 请求URI: /oauth/rest_token POST REST
+
+ Content-Type: + application/json +
+| 参数名 | +参数值 | +必须? | +备注 | +
|---|---|---|---|
| grant_type | +{grant_type} | +是 | +authorization_code,password,refresh_token,client_credentials | +
| scope | +{scope} | +是 | +read or write | +
| client_id | +{client_id} | +是 | ++ |
| client_secret | +{client_secret} | +是 | ++ |
| username | +{username} | +否 | +grant_type=password时必须有 | +
| password | +{password} | +否 | +grant_type=password时必须有 | +
+ {"client_id":"test1234","client_secret":"test1234","grant_type":"password","scope":"read","username":"mobile","password":"mobile"}
+
+ {"client_id":"test1234","client_secret":"test1234","grant_type":"password","scope":"read"}
+
+ 正常 [200]
+
+ {"access_token":"e2996930-8398-44fd-8de5-7d1b1624ced7","token_type":"bearer","refresh_token":"2b2de701-53e7-4b57-8301-e4a06ee49698","expires_in":43008,"scope":"read"}
+
+
+ 异常 [401]
+
+ {"error":"invalid_grant","error_description":"Bad credentials"}
+
+
校验, 检查access_token的有效性
+ +
+ 请求URI: /oauth/check_token POST
+
| 参数名 | +参数值 | +必须? | +备注 | +
|---|---|---|---|
| token | +{access_token} | +是 | ++ |
| client_id | +{client_id} | +是 | ++ |
+ http://localhost:8080/spring-oauth-server/oauth/check_token?token=e2996930-8398-44fd-8de5-7d1b1624ced7&client_id=mobile-client
+
+ 正常 [200]
+
+ {"aud":["mobile-resource"],"exp":1505878459,"user_name":"mobile","authorities":["ROLE_MOBILE","ROLE_USER"],"client_id":"mobile-client","scope":["read","write"]}
+
+
+ 异常 [401]
+
+ {"error":"invalid_token","error_description":"Token was not recognised"}
+
+
用于在access_token要过期时换取新的access_token (grant_type需要有refresh_token)
+ +
+ 请求URI: /oauth/token POST
+
| 参数名 | +参数值 | +必须? | +备注 | +
|---|---|---|---|
| client_id | +{client_id} | +是 | ++ |
| client_secret | +{client_secret} | +是 | ++ |
| grant_type | +refresh_token | +是 | +固定值 | +
| refresh_token | +{refresh_token} | +是 | ++ |
+ http://localhost:8080/spring-oauth-server/oauth/token?client_id=test1234&client_secret=test1234&grant_type=refresh_token&refresh_token=1156ebfe-e303-4572-9fb5-4459a5d46610
+
+ 正常 [200]
+
+ {"access_token":"b12cace6-7ce4-4fa8-b127-cf537d15b213","token_type":"bearer","refresh_token":"2b2de701-53e7-4b57-8301-e4a06ee49698","expires_in":43199,"scope":"read"}
+
+
+ 异常 [401]
+
+ {"error":"invalid_grant","error_description":"Invalid refresh token:
+ 1156ebfe-e303-4572-9fb5-4459a5d46610"}
+
+
使用access_token获取用户信息, 需要有 ROLE_UNITY 权限
+ +
+ 请求URI: /unity/user_info GET
+
| 参数名 | +参数值 | +必须? | +备注 | +
|---|---|---|---|
| 无 | +|||
+ http://localhost:8080/spring-oauth-server/unity/user_info?access_token=b12cace6-7ce4-4fa8-b127-cf537d15b213
+
+ 正常 [200]
+
+ {"guid":"55b713df1c6f423e842ad68668523c49","archived":false,"username":"unity","phone":"","email":"unity@wdcy.cc","privileges":["UNITY"]}
+
+
+ 异常 [401]
+
+ <oauth><error_description>Invalid access token:
+ 2c612eb7-a22b-45f0-8b2e-cd6f9e3667722</error_description><error>invalid_token</error></oauth>
+
+
使用access_token获取用户信息, 需要有 ROLE_MOBILE 权限
+ +
+ 请求URI: /m/user_info GET
+
| 参数名 | +参数值 | +必须? | +备注 | +
|---|---|---|---|
| 无 | +|||
+ http://localhost:8080/spring-oauth-server/m/user_info?access_token=b12cace6-7ce4-4fa8-b127-cf537d15b213
+
+ 正常 [200]
+
+ {"guid":"612025cb3f964a64a48bbdf77e53c2c1","archived":false,"username":"mobile","phone":"","email":"mobile@wdcy.cc","privileges":["MOBILE"]}
+
+
+ 异常 [401]
+
+ <oauth><error_description>Invalid access token:
+ 2c612eb7-a22b-45f0-8b2e-cd6f9e3667722</error_description><error>invalid_token</error></oauth>
+
+
+ © 2013 - 2023 spring-oauth-server +
+