diff --git a/README.md b/README.md index e00b13e95e642987f2effe5f118a722bfce39c1c..169244ee65fb3a8775206af760660b4c9ac26ea8 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@

- + @@ -15,7 +15,7 @@ - +

@@ -68,7 +68,7 @@ JustAuth,如你所见,它仅仅是一个**第三方授权登录**的**工具 me.zhyd.oauth JustAuth - 1.7.1 + 1.8.0 ``` - 调用api @@ -81,10 +81,12 @@ AuthRequest authRequest = new AuthGiteeRequest(AuthConfig.builder() .build()); // 生成授权页面 authRequest.authorize(); -// 授权登录后会返回一个code,用这个code进行登录 -authRequest.login("code"); +// 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的参数 +authRequest.login(callback); ``` +注:`1.8.0`版本后,增加了`state`参数校验,用于防止[CSRF](https://zh.wikipedia.org/wiki/%E8%B7%A8%E7%AB%99%E8%AF%B7%E6%B1%82%E4%BC%AA%E9%80%A0)。强烈建议,保证单次流程内`state`的唯一性,且每个`state`只可用一次。 + **配套Demo**:[JustAuth-demo](https://gitee.com/yadong.zhang/JustAuth-demo) 具体的例子可以参考: 
@@ -99,12 +101,12 @@ authRequest.login("code"); | | [AuthGithubRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthGiteeRequest.java) | 参考文档 | | | [AuthWeiboRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthGiteeRequest.java) | 参考文档 | | | [AuthDingTalkRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthDingTalkRequest.java) | 参考文档 | -| | [AuthBaiduRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java) | 参考文档 | +| | [AuthBaiduRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java) | 参考文档 | | | [AuthCodingRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthCodingRequest.java) | 参考文档 | | | [AuthTencentCloudRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthTencentCloudRequest.java) | 参考文档 | -| | [AuthOschinaRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthOschinaRequest.java) | 参考文档 | +| | [AuthOschinaRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthOschinaRequest.java) | 参考文档 | | | [AuthAlipayRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthAlipayRequest.java) | 参考文档 | -| | [AuthQqRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthQqRequest.java) | 参考文档 | +| | [AuthQqRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthQqRequest.java) | 参考文档 | | | [AuthWeChatRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthWeChatRequest.java) | 参考文档 | | | 
[AuthTaobaoRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthTaobaoRequest.java) | 参考文档 | | | [AuthGoogleRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthGoogleRequest.java) | 参考文档 | diff --git a/src/main/java/me/zhyd/oauth/model/AuthUser.java b/src/main/java/me/zhyd/oauth/model/AuthUser.java index aca19f1a632d328832b7dca5bb4d23b0d7ec8a14..1db92ec86b9477f555889ed7860432e55adaec27 100644 --- a/src/main/java/me/zhyd/oauth/model/AuthUser.java +++ b/src/main/java/me/zhyd/oauth/model/AuthUser.java @@ -17,6 +17,10 @@ import me.zhyd.oauth.config.AuthSource; @Setter @Builder public class AuthUser { + /** + * 用户第三方系统的唯一id。在调用方集成改组件时,可以用uuid + source唯一确定一个用户 + */ + private String uuid; /** * 用户名 */ @@ -61,8 +65,4 @@ public class AuthUser { * 用户授权的token信息 */ private AuthToken token; - /** - * 用户第三方系统的唯一id。在调用方集成改组件时,可以用uuid + source唯一确定一个用户 - */ - private String uuid; } diff --git a/src/main/java/me/zhyd/oauth/request/AuthAlipayRequest.java b/src/main/java/me/zhyd/oauth/request/AuthAlipayRequest.java index 06196b0f5bcfd7df860354a61aee471b135456b1..fbcb95279e2ddca896227f6a204c72a592733670 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthAlipayRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthAlipayRequest.java 
@@ -38,12 +38,12 @@ public class AuthAlipayRequest extends BaseAuthRequest { protected AuthToken getAccessToken(AuthCallback authCallback) { AlipaySystemOauthTokenRequest request = new AlipaySystemOauthTokenRequest(); request.setGrantType("authorization_code"); - request.setCode(authCallback.getCode()); + request.setCode(authCallback.getAuth_code()); AlipaySystemOauthTokenResponse response = null; try { response = this.alipayClient.execute(request); } catch (Exception e) { - throw new AuthException("Unable to get token from alipay using code [" + authCallback.getCode() + "]", e); + throw new AuthException("Unable to get token from alipay using code [" + authCallback.getAuth_code() + "]", e); } if (!response.isSuccess()) { throw new AuthException(response.getSubMsg()); @@ -93,6 +93,6 @@ public class AuthAlipayRequest extends BaseAuthRequest { */ @Override public String authorize() { - return UrlBuilder.getAlipayAuthorizeUrl(config.getClientId(), config.getRedirectUri()); + return UrlBuilder.getAlipayAuthorizeUrl(config.getClientId(), config.getRedirectUri(), config.getState()); } } diff --git a/src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java b/src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java index 06f36bf7657a478cb7831ee40fc582fdbf9f6255..a9994282a63ce48f5fda0c06b8e891a35aa94bec 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java @@ -67,7 +67,7 @@ public class AuthBaiduRequest extends BaseAuthRequest { */ @Override public String authorize() { - return UrlBuilder.getBaiduAuthorizeUrl(config.getClientId(), config.getRedirectUri()); + return UrlBuilder.getBaiduAuthorizeUrl(config.getClientId(), config.getRedirectUri(), config.getState()); } @Override 
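Review bot: The rewritten exception in the catch block still embeds the authorization code in its message, `"Unable to get token from alipay using code [" + authCallback.getAuth_code() + "]"`; an authorization code is a short-lived credential, and exception messages routinely end up in logs and error responses, so the value should not be part of the text. `throw new AuthException("Unable to get token from alipay", e);` keeps the cause without the code. The same pattern appears in the context lines of the Coding, Oschina and Tencent Cloud `getAccessToken` hunks, where it is pre-existing rather than introduced here. Separately, `getAuth_code()` mixes snake_case into a getter; a conventionally named accessor such as `getAuthCode()` would fit the rest of the callback API. `getAccessToken` continues past the end of the hunk.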
diff --git a/src/main/java/me/zhyd/oauth/request/AuthCodingRequest.java b/src/main/java/me/zhyd/oauth/request/AuthCodingRequest.java index 0ad822ad306d73c6415a6f0b5078fb1fb16c20ce..690a5eeceee1a7b0035b6d6c73b2b2cd9998b5a0 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthCodingRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthCodingRequest.java @@ -33,7 +33,11 @@ public class AuthCodingRequest extends BaseAuthRequest { if (accessTokenObject.getIntValue("code") != 0) { throw new AuthException("Unable to get token from coding using code [" + authCallback.getCode() + "]"); } - return AuthToken.builder().accessToken(accessTokenObject.getString("access_token")).build(); + return AuthToken.builder() + .accessToken(accessTokenObject.getString("access_token")) + .expireIn(accessTokenObject.getIntValue("expires_in")) + .refreshToken(accessTokenObject.getString("refresh_token")) + .build(); } @Override @@ -69,6 +73,6 @@ public class AuthCodingRequest extends BaseAuthRequest { */ @Override public String authorize() { - return UrlBuilder.getCodingAuthorizeUrl(config.getClientId(), config.getRedirectUri()); + return UrlBuilder.getCodingAuthorizeUrl(config.getClientId(), config.getRedirectUri(), config.getState()); } } diff --git a/src/main/java/me/zhyd/oauth/request/AuthCsdnRequest.java b/src/main/java/me/zhyd/oauth/request/AuthCsdnRequest.java index 9cee9a4c00ff6ad50f2ed202839a640982e9a681..43817c270804c92a951f9ed9e75ef1e1d988ed9e 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthCsdnRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthCsdnRequest.java @@ -63,6 +63,6 @@ public class AuthCsdnRequest extends BaseAuthRequest { */ @Override public String authorize() { - return UrlBuilder.getCsdnAuthorizeUrl(config.getClientId(), config.getRedirectUri()); + return UrlBuilder.getCsdnAuthorizeUrl(config.getClientId(), config.getRedirectUri(), config.getState()); } } 
diff --git a/src/main/java/me/zhyd/oauth/request/AuthDingTalkRequest.java b/src/main/java/me/zhyd/oauth/request/AuthDingTalkRequest.java index 15262d9459cf3ea4b5a0dc372c0bb0a5bf51a34f..6bd6fa0ea957ab6247b4bf988c6360eba4291b0c 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthDingTalkRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthDingTalkRequest.java @@ -67,6 +67,6 @@ public class AuthDingTalkRequest extends BaseAuthRequest { */ @Override public String authorize() { - return UrlBuilder.getDingTalkQrConnectUrl(config.getClientId(), config.getRedirectUri()); + return UrlBuilder.getDingTalkQrConnectUrl(config.getClientId(), config.getRedirectUri(), config.getState()); } } diff --git a/src/main/java/me/zhyd/oauth/request/AuthDouyinRequest.java b/src/main/java/me/zhyd/oauth/request/AuthDouyinRequest.java index c48c4022968c5ed1563993f9f5ef7e7b145b0ea1..cf29f19b119c9dc7f099427ef2421135691fe9be 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthDouyinRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthDouyinRequest.java @@ -58,7 +58,7 @@ public class AuthDouyinRequest extends BaseAuthRequest { */ @Override public String authorize() { - return UrlBuilder.getDouyinAuthorizeUrl(config.getClientId(), config.getRedirectUri()); + return UrlBuilder.getDouyinAuthorizeUrl(config.getClientId(), config.getRedirectUri(), config.getState()); } @Override diff --git a/src/main/java/me/zhyd/oauth/request/AuthFacebookRequest.java b/src/main/java/me/zhyd/oauth/request/AuthFacebookRequest.java index 014137bed5d67958f616c235f215a79fa4356dd6..bc8fcacaf5dd6383e48b24b7fdb2f74566f5063c 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthFacebookRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthFacebookRequest.java 
@@ -30,16 +30,16 @@ public class AuthFacebookRequest extends BaseAuthRequest { String accessTokenUrl = UrlBuilder.getFacebookAccessTokenUrl(config.getClientId(), config.getClientSecret(), authCallback.getCode(), config.getRedirectUri()); HttpResponse response = HttpRequest.post(accessTokenUrl).execute(); - JSONObject object = JSONObject.parseObject(response.body()); + JSONObject accessTokenObject = JSONObject.parseObject(response.body()); - if (object.containsKey("error")) { - throw new AuthException(object.getJSONObject("error").getString("message")); + if (accessTokenObject.containsKey("error")) { + throw new AuthException(accessTokenObject.getJSONObject("error").getString("message")); } return AuthToken.builder() - .accessToken(object.getString("access_token")) - .expireIn(object.getIntValue("expires_in")) - .tokenType(object.getString("token_type")) + .accessToken(accessTokenObject.getString("access_token")) + .expireIn(accessTokenObject.getIntValue("expires_in")) + .tokenType(accessTokenObject.getString("token_type")) .build(); } @@ -80,6 +80,6 @@ public class AuthFacebookRequest extends BaseAuthRequest { */ @Override public String authorize() { - return UrlBuilder.getFacebookAuthorizeUrl(config.getClientId(), config.getRedirectUri()); + return UrlBuilder.getFacebookAuthorizeUrl(config.getClientId(), config.getRedirectUri(), config.getState()); } } diff --git a/src/main/java/me/zhyd/oauth/request/AuthGoogleRequest.java b/src/main/java/me/zhyd/oauth/request/AuthGoogleRequest.java index 1edcf91679df68af49dbe9ad34eceaf5f5b7ed31..dea8f541959485c80f6e4934a5f64d423272f33b 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthGoogleRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthGoogleRequest.java 
@@ -30,19 +30,19 @@ public class AuthGoogleRequest extends BaseAuthRequest { String accessTokenUrl = UrlBuilder.getGoogleAccessTokenUrl(config.getClientId(), config.getClientSecret(), authCallback.getCode(), config .getRedirectUri()); HttpResponse response = HttpRequest.post(accessTokenUrl).execute(); - JSONObject object = JSONObject.parseObject(response.body()); + JSONObject accessTokenObject = JSONObject.parseObject(response.body()); - if (object.containsKey("error") || object.containsKey("error_description")) { - throw new AuthException("get google access_token has error:[" + object.getString("error") + "], error_description:[" + object + if (accessTokenObject.containsKey("error") || accessTokenObject.containsKey("error_description")) { + throw new AuthException("get google access_token has error:[" + accessTokenObject.getString("error") + "], error_description:[" + accessTokenObject .getString("error_description") + "]"); } return AuthToken.builder() - .accessToken(object.getString("access_token")) - .expireIn(object.getIntValue("expires_in")) - .scope(object.getString("scope")) - .tokenType(object.getString("token_type")) - .idToken(object.getString("id_token")) + .accessToken(accessTokenObject.getString("access_token")) + .expireIn(accessTokenObject.getIntValue("expires_in")) + .scope(accessTokenObject.getString("scope")) + .tokenType(accessTokenObject.getString("token_type")) + .idToken(accessTokenObject.getString("id_token")) .build(); } @@ -72,6 +72,6 @@ public class AuthGoogleRequest extends BaseAuthRequest { */ @Override public String authorize() { - return UrlBuilder.getGoogleAuthorizeUrl(config.getClientId(), config.getRedirectUri()); + return UrlBuilder.getGoogleAuthorizeUrl(config.getClientId(), config.getRedirectUri(), config.getState()); } } 
diff --git a/src/main/java/me/zhyd/oauth/request/AuthLinkedinRequest.java b/src/main/java/me/zhyd/oauth/request/AuthLinkedinRequest.java index 6115bda0a7785065454ad9af0f323779fbc16747..23cfa6b60cac1725b49512f1ff7a41bf60edcf23 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthLinkedinRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthLinkedinRequest.java @@ -93,7 +93,7 @@ public class AuthLinkedinRequest extends BaseAuthRequest { */ @Override public String authorize() { - return UrlBuilder.getLinkedinAuthorizeUrl(config.getClientId(), config.getRedirectUri()); + return UrlBuilder.getLinkedinAuthorizeUrl(config.getClientId(), config.getRedirectUri(), config.getState()); } private String getUserEmail(String accessToken) { diff --git a/src/main/java/me/zhyd/oauth/request/AuthMiRequest.java b/src/main/java/me/zhyd/oauth/request/AuthMiRequest.java index b0be7f37dedc807f7d1ee5bfe0dd4da23a18cfd4..6ca54037ee35594659675bdfda9a5b1b50ff01a3 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthMiRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthMiRequest.java 
@@ -35,21 +35,21 @@ public class AuthMiRequest extends BaseAuthRequest { private AuthToken getToken(String accessTokenUrl) { HttpResponse response = HttpRequest.get(accessTokenUrl).execute(); String jsonStr = StrUtil.replace(response.body(), PREFIX, StrUtil.EMPTY); - JSONObject object = JSONObject.parseObject(jsonStr); + JSONObject accessTokenObject = JSONObject.parseObject(jsonStr); - if (object.containsKey("error")) { - throw new AuthException(object.getString("error_description")); + if (accessTokenObject.containsKey("error")) { + throw new AuthException(accessTokenObject.getString("error_description")); } return AuthToken.builder() - .accessToken(object.getString("access_token")) - .expireIn(object.getIntValue("expires_in")) - .scope(object.getString("scope")) - .tokenType(object.getString("token_type")) - .refreshToken(object.getString("refresh_token")) - .openId(object.getString("openId")) - .macAlgorithm(object.getString("mac_algorithm")) - .macKey(object.getString("mac_key")) + .accessToken(accessTokenObject.getString("access_token")) + .expireIn(accessTokenObject.getIntValue("expires_in")) + .scope(accessTokenObject.getString("scope")) + .tokenType(accessTokenObject.getString("token_type")) + .refreshToken(accessTokenObject.getString("refresh_token")) + .openId(accessTokenObject.getString("openId")) + .macAlgorithm(accessTokenObject.getString("mac_algorithm")) + .macKey(accessTokenObject.getString("mac_key")) .build(); } @@ -98,7 +98,7 @@ public class AuthMiRequest extends BaseAuthRequest { */ @Override public String authorize() { - return UrlBuilder.getMiAuthorizeUrl(config.getClientId(), config.getRedirectUri()); + return UrlBuilder.getMiAuthorizeUrl(config.getClientId(), config.getRedirectUri(), config.getState()); } /** diff --git a/src/main/java/me/zhyd/oauth/request/AuthMicrosoftRequest.java b/src/main/java/me/zhyd/oauth/request/AuthMicrosoftRequest.java index c394ff0d6633c2d5e717ba578547d125291411a9..cbf32521357d83a5a32e47774470aa1badd6dd0c 100644 
--- a/src/main/java/me/zhyd/oauth/request/AuthMicrosoftRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthMicrosoftRequest.java @@ -48,16 +48,16 @@ public class AuthMicrosoftRequest extends BaseAuthRequest { .form(paramMap) .execute(); String accessTokenStr = response.body(); - JSONObject object = JSONObject.parseObject(accessTokenStr); + JSONObject accessTokenObject = JSONObject.parseObject(accessTokenStr); - this.checkResponse(object); + this.checkResponse(accessTokenObject); return AuthToken.builder() - .accessToken(object.getString("access_token")) - .expireIn(object.getIntValue("expires_in")) - .scope(object.getString("scope")) - .tokenType(object.getString("token_type")) - .refreshToken(object.getString("refresh_token")) + .accessToken(accessTokenObject.getString("access_token")) + .expireIn(accessTokenObject.getIntValue("expires_in")) + .scope(accessTokenObject.getString("scope")) + .tokenType(accessTokenObject.getString("token_type")) + .refreshToken(accessTokenObject.getString("refresh_token")) .build(); } @@ -96,7 +96,7 @@ public class AuthMicrosoftRequest extends BaseAuthRequest { */ @Override public String authorize() { - return UrlBuilder.getMicrosoftAuthorizeUrl(config.getClientId(), config.getRedirectUri()); + return UrlBuilder.getMicrosoftAuthorizeUrl(config.getClientId(), config.getRedirectUri(), config.getState()); } /** diff --git a/src/main/java/me/zhyd/oauth/request/AuthOschinaRequest.java b/src/main/java/me/zhyd/oauth/request/AuthOschinaRequest.java index f81d1c4aed3a27c9fc41bad695741c4e3bf435a8..fe0110d70056c56eca9a92e34824d5ec8f303231 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthOschinaRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthOschinaRequest.java 
@@ -34,7 +34,12 @@ public class AuthOschinaRequest extends BaseAuthRequest { if (accessTokenObject.containsKey("error")) { throw new AuthException("Unable to get token from oschina using code [" + authCallback.getCode() + "]"); } - return AuthToken.builder().accessToken(accessTokenObject.getString("access_token")).build(); + return AuthToken.builder() + .accessToken(accessTokenObject.getString("access_token")) + .refreshToken(accessTokenObject.getString("refresh_token")) + .uid(accessTokenObject.getString("uid")) + .expireIn(accessTokenObject.getIntValue("expires_in")) + .build(); } @Override @@ -66,6 +71,6 @@ public class AuthOschinaRequest extends BaseAuthRequest { */ @Override public String authorize() { - return UrlBuilder.getOschinaAuthorizeUrl(config.getClientId(), config.getRedirectUri()); + return UrlBuilder.getOschinaAuthorizeUrl(config.getClientId(), config.getRedirectUri(), config.getState()); } } diff --git a/src/main/java/me/zhyd/oauth/request/AuthQqRequest.java b/src/main/java/me/zhyd/oauth/request/AuthQqRequest.java index 3472f29ef2fa5ed8f43355ddcadc5e19f93cb33d..e9bfffeba337da7012049806db7347a7b77546da 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthQqRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthQqRequest.java @@ -81,7 +81,7 @@ public class AuthQqRequest extends BaseAuthRequest { */ @Override public String authorize() { - return UrlBuilder.getQqAuthorizeUrl(config.getClientId(), config.getRedirectUri()); + return UrlBuilder.getQqAuthorizeUrl(config.getClientId(), config.getRedirectUri(), config.getState()); } private String getOpenId(AuthToken authToken) { diff --git a/src/main/java/me/zhyd/oauth/request/AuthTaobaoRequest.java b/src/main/java/me/zhyd/oauth/request/AuthTaobaoRequest.java index 0dadd39ce40843b43a2b380ba6548394f88907e3..8add7cdcdabee282f1f80f712111dea9953f0263 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthTaobaoRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthTaobaoRequest.java 
@@ -36,19 +36,19 @@ public class AuthTaobaoRequest extends BaseAuthRequest { String accessCode = authToken.getAccessCode(); HttpResponse response = HttpRequest.post(UrlBuilder.getTaobaoAccessTokenUrl(this.config.getClientId(), this.config .getClientSecret(), accessCode, this.config.getRedirectUri())).execute(); - JSONObject object = JSONObject.parseObject(response.body()); - if (object.containsKey("error")) { - throw new AuthException(ResponseStatus.FAILURE + ":" + object.getString("error_description")); + JSONObject accessTokenObject = JSONObject.parseObject(response.body()); + if (accessTokenObject.containsKey("error")) { + throw new AuthException(ResponseStatus.FAILURE + ":" + accessTokenObject.getString("error_description")); } - authToken.setAccessToken(object.getString("access_token")); - authToken.setRefreshToken(object.getString("refresh_token")); - authToken.setExpireIn(object.getIntValue("expires_in")); - authToken.setUid(object.getString("taobao_user_id")); - authToken.setOpenId(object.getString("taobao_open_uid")); + authToken.setAccessToken(accessTokenObject.getString("access_token")); + authToken.setRefreshToken(accessTokenObject.getString("refresh_token")); + authToken.setExpireIn(accessTokenObject.getIntValue("expires_in")); + authToken.setUid(accessTokenObject.getString("taobao_user_id")); + authToken.setOpenId(accessTokenObject.getString("taobao_open_uid")); - String nick = GlobalAuthUtil.urlDecode(object.getString("taobao_user_nick")); + String nick = GlobalAuthUtil.urlDecode(accessTokenObject.getString("taobao_user_nick")); return AuthUser.builder() - .uuid(object.getString("taobao_user_id")) + .uuid(accessTokenObject.getString("taobao_user_id")) .username(nick) .nickname(nick) .gender(AuthUserGender.UNKNOW) 
@@ -64,6 +64,6 @@ public class AuthTaobaoRequest extends BaseAuthRequest { */ @Override public String authorize() { - return UrlBuilder.getTaobaoAuthorizeUrl(config.getClientId(), config.getRedirectUri()); + return UrlBuilder.getTaobaoAuthorizeUrl(config.getClientId(), config.getRedirectUri(), config.getState()); } } diff --git a/src/main/java/me/zhyd/oauth/request/AuthTencentCloudRequest.java b/src/main/java/me/zhyd/oauth/request/AuthTencentCloudRequest.java index 5daf48f6c0bc1cd9a7ca0c6bbe3a795a4738f7d3..4841115745588e2889236120adb50bcdafc1a648 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthTencentCloudRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthTencentCloudRequest.java @@ -29,11 +29,15 @@ public class AuthTencentCloudRequest extends BaseAuthRequest { protected AuthToken getAccessToken(AuthCallback authCallback) { String accessTokenUrl = UrlBuilder.getTencentCloudAccessTokenUrl(config.getClientId(), config.getClientSecret(), authCallback.getCode()); HttpResponse response = HttpRequest.get(accessTokenUrl).execute(); - JSONObject object = JSONObject.parseObject(response.body()); - if (object.getIntValue("code") != 0) { - throw new AuthException("Unable to get token from tencent cloud using code [" + authCallback.getCode() + "]: " + object.get("msg")); + JSONObject accessTokenObject = JSONObject.parseObject(response.body()); + if (accessTokenObject.getIntValue("code") != 0) { + throw new AuthException("Unable to get token from tencent cloud using code [" + authCallback.getCode() + "]: " + accessTokenObject.get("msg")); } - return AuthToken.builder().accessToken(object.getString("access_token")).build(); + return AuthToken.builder() + .accessToken(accessTokenObject.getString("access_token")) + .expireIn(accessTokenObject.getIntValue("expires_in")) + .refreshToken(accessTokenObject.getString("refresh_token")) + .build(); } @Override 
@@ -68,6 +72,6 @@ public class AuthTencentCloudRequest extends BaseAuthRequest { */ @Override public String authorize() { - return UrlBuilder.getTencentCloudAuthorizeUrl(config.getClientId(), config.getRedirectUri()); + return UrlBuilder.getTencentCloudAuthorizeUrl(config.getClientId(), config.getRedirectUri(), config.getState()); } } diff --git a/src/main/java/me/zhyd/oauth/request/AuthToutiaoRequest.java b/src/main/java/me/zhyd/oauth/request/AuthToutiaoRequest.java index 41d4c76d104eae8b9a21666c03faf7a483424d1d..dd24abfa375b86a200574e4609ec31946a8e7c29 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthToutiaoRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthToutiaoRequest.java @@ -26,16 +26,16 @@ public class AuthToutiaoRequest extends BaseAuthRequest { protected AuthToken getAccessToken(AuthCallback authCallback) { String accessTokenUrl = UrlBuilder.getToutiaoAccessTokenUrl(config.getClientId(), config.getClientSecret(), authCallback.getCode()); HttpResponse response = HttpRequest.get(accessTokenUrl).execute(); - JSONObject object = JSONObject.parseObject(response.body()); + JSONObject accessTokenObject = JSONObject.parseObject(response.body()); - if (object.containsKey("error_code")) { - throw new AuthException(AuthToutiaoErrorCode.getErrorCode(object.getIntValue("error_code")).getDesc()); + if (accessTokenObject.containsKey("error_code")) { + throw new AuthException(AuthToutiaoErrorCode.getErrorCode(accessTokenObject.getIntValue("error_code")).getDesc()); } return AuthToken.builder() - .accessToken(object.getString("access_token")) - .expireIn(object.getIntValue("expires_in")) - .openId(object.getString("open_id")) + .accessToken(accessTokenObject.getString("access_token")) + .expireIn(accessTokenObject.getIntValue("expires_in")) + .openId(accessTokenObject.getString("open_id")) .build(); } 
@@ -73,6 +73,6 @@ public class AuthToutiaoRequest extends BaseAuthRequest { */ @Override public String authorize() { - return UrlBuilder.getToutiaoAuthorizeUrl(config.getClientId(), config.getRedirectUri()); + return UrlBuilder.getToutiaoAuthorizeUrl(config.getClientId(), config.getRedirectUri(), config.getState()); } } diff --git a/src/main/java/me/zhyd/oauth/request/AuthWeChatRequest.java b/src/main/java/me/zhyd/oauth/request/AuthWeChatRequest.java index 6fc9b7a7cb81f031abb8b03de790ca2d03f8eb4c..e7ae78eb4799290405765c8d13cf4807db3fd827 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthWeChatRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthWeChatRequest.java @@ -24,7 +24,7 @@ public class AuthWeChatRequest extends BaseAuthRequest { /** * 微信的特殊性,此时返回的信息同时包含 openid 和 access_token * - * @param code 授权码 + * @param authCallback 回调返回的参数 * @return 所有信息 */ @Override @@ -63,7 +63,7 @@ public class AuthWeChatRequest extends BaseAuthRequest { */ @Override public String authorize() { - return UrlBuilder.getWeChatAuthorizeUrl(config.getClientId(), config.getRedirectUri()); + return UrlBuilder.getWeChatAuthorizeUrl(config.getClientId(), config.getRedirectUri(), config.getState()); } @Override 
@@ -94,15 +94,15 @@ public class AuthWeChatRequest extends BaseAuthRequest { */ private AuthToken getToken(String accessTokenUrl) { HttpResponse response = HttpRequest.get(accessTokenUrl).execute(); - JSONObject object = JSONObject.parseObject(response.body()); + JSONObject accessTokenObject = JSONObject.parseObject(response.body()); - this.checkResponse(object); + this.checkResponse(accessTokenObject); return AuthToken.builder() - .accessToken(object.getString("access_token")) - .refreshToken(object.getString("refresh_token")) - .expireIn(object.getIntValue("expires_in")) - .openId(object.getString("openid")) + .accessToken(accessTokenObject.getString("access_token")) + .refreshToken(accessTokenObject.getString("refresh_token")) + .expireIn(accessTokenObject.getIntValue("expires_in")) + .openId(accessTokenObject.getString("openid")) .build(); } } diff --git a/src/main/java/me/zhyd/oauth/request/BaseAuthRequest.java b/src/main/java/me/zhyd/oauth/request/BaseAuthRequest.java index 52e1254b769b171ebcdf3dd93b11324586194238..8cf1fb186423898617e3c7e0090df47e82c64360 100644 --- a/src/main/java/me/zhyd/oauth/request/BaseAuthRequest.java +++ b/src/main/java/me/zhyd/oauth/request/BaseAuthRequest.java @@ -37,7 +37,7 @@ public abstract class BaseAuthRequest implements AuthRequest { @Override public AuthResponse login(AuthCallback authCallback) { try { - AuthChecker.checkCode(authCallback.getCode()); + AuthChecker.checkCode(source == AuthSource.ALIPAY ? authCallback.getAuth_code() : authCallback.getCode()); AuthChecker.checkState(authCallback.getState(), config.getState()); AuthToken authToken = this.getAccessToken(authCallback); diff --git a/src/main/java/me/zhyd/oauth/utils/UrlBuilder.java b/src/main/java/me/zhyd/oauth/utils/UrlBuilder.java index 2f0492b655dbba4466b50f6b8f3c4deed2caac9f..70d8db7036927a939ae01371928401df16643d74 100644 --- a/src/main/java/me/zhyd/oauth/utils/UrlBuilder.java +++ b/src/main/java/me/zhyd/oauth/utils/UrlBuilder.java 
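Review bot: The new `AuthChecker.checkState(authCallback.getState(), config.getState())` compares the callback's `state` against a value held in the shared `AuthConfig`, so every flow built from the same config presents the same expected `state` unless the caller constructs a fresh config per login attempt; the README in this commit asks for a unique, single-use `state` per flow, and `login` does not enforce that. The contract that the caller must supply and rotate `state` (and what `AuthChecker.checkState` does when `config.getState()` is null, which is outside this hunk) is worth stating in the Javadoc of `login`. The Alipay special case `source == AuthSource.ALIPAY ? authCallback.getAuth_code() : authCallback.getCode()` puts provider knowledge into the base class; a protected hook such as `protected String getCodeFrom(AuthCallback authCallback) { return authCallback.getCode(); }` overridden in `AuthAlipayRequest` keeps the base class provider-agnostic. `login` continues past the end of the hunk.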
@@ -29,31 +29,31 @@ public class UrlBuilder { private static final String GITEE_USER_INFO_PATTERN = "{0}?access_token={1}"; private static final String GITEE_AUTHORIZE_PATTERN = "{0}?client_id={1}&response_type=code&redirect_uri={2}&state={3}"; - private static final String DING_TALK_QRCONNECT_PATTERN = "{0}?appid={1}&response_type=code&scope=snsapi_login&state=STATE&redirect_uri={2}"; + private static final String DING_TALK_QRCONNECT_PATTERN = "{0}?appid={1}&response_type=code&scope=snsapi_login&redirect_uri={2}&state={3}"; private static final String DING_TALK_USER_INFO_PATTERN = "{0}?signature={1}×tamp={2}&accessKey={3}"; private static final String BAIDU_ACCESS_TOKEN_PATTERN = "{0}?client_id={1}&client_secret={2}&grant_type=authorization_code&code={3}&redirect_uri={4}"; private static final String BAIDU_USER_INFO_PATTERN = "{0}?access_token={1}"; - private static final String BAIDU_AUTHORIZE_PATTERN = "{0}?client_id={1}&response_type=code&redirect_uri={2}&display=popup"; + private static final String BAIDU_AUTHORIZE_PATTERN = "{0}?client_id={1}&response_type=code&redirect_uri={2}&display=popup&state={3}"; private static final String BAIDU_REVOKE_PATTERN = "{0}?access_token={1}"; private static final String CSDN_ACCESS_TOKEN_PATTERN = "{0}?client_id={1}&client_secret={2}&grant_type=authorization_code&code={3}&redirect_uri={4}"; private static final String CSDN_USER_INFO_PATTERN = "{0}?access_token={1}"; - private static final String CSDN_AUTHORIZE_PATTERN = "{0}?client_id={1}&response_type=code&redirect_uri={2}"; + private static final String CSDN_AUTHORIZE_PATTERN = "{0}?client_id={1}&response_type=code&redirect_uri={2}&state={3}"; private static final String CODING_ACCESS_TOKEN_PATTERN = "{0}?client_id={1}&client_secret={2}&grant_type=authorization_code&code={3}"; private static final String CODING_USER_INFO_PATTERN = "{0}?access_token={1}"; - private static final String CODING_AUTHORIZE_PATTERN = 
"{0}?client_id={1}&response_type=code&redirect_uri={2}&scope=user"; + private static final String CODING_AUTHORIZE_PATTERN = "{0}?client_id={1}&response_type=code&redirect_uri={2}&scope=user&state={3}"; private static final String TENCENT_ACCESS_TOKEN_PATTERN = "{0}?client_id={1}&client_secret={2}&grant_type=authorization_code&code={3}"; private static final String TENCENT_USER_INFO_PATTERN = "{0}?access_token={1}"; - private static final String TENCENT_AUTHORIZE_PATTERN = "{0}?client_id={1}&response_type=code&redirect_uri={2}&scope=user"; + private static final String TENCENT_AUTHORIZE_PATTERN = "{0}?client_id={1}&response_type=code&redirect_uri={2}&scope=user&state={3}"; private static final String OSCHINA_ACCESS_TOKEN_PATTERN = "{0}?client_id={1}&client_secret={2}&grant_type=authorization_code&code={3}&redirect_uri={4}&dataType=json"; private static final String OSCHINA_USER_INFO_PATTERN = "{0}?access_token={1}&dataType=json"; - private static final String OSCHINA_AUTHORIZE_PATTERN = "{0}?client_id={1}&response_type=code&redirect_uri={2}"; + private static final String OSCHINA_AUTHORIZE_PATTERN = "{0}?client_id={1}&response_type=code&redirect_uri={2}&state={3}"; - private static final String ALIPAY_AUTHORIZE_PATTERN = "{0}?app_id={1}&scope=auth_user&redirect_uri={2}&state=init"; + private static final String ALIPAY_AUTHORIZE_PATTERN = "{0}?app_id={1}&scope=auth_user&redirect_uri={2}&state={3}"; private static final String QQ_ACCESS_TOKEN_PATTERN = "{0}?client_id={1}&client_secret={2}&grant_type=authorization_code&code={3}&redirect_uri={4}"; private static final String QQ_USER_INFO_PATTERN = "{0}?oauth_consumer_key={1}&access_token={2}&openid={3}"; 
@@ -215,10 +215,11 @@ public class UrlBuilder {
 *
 * @param clientId 钉钉 应用的App Id
 * @param redirectUrl 钉钉 应用授权成功后的回调地址
+ * @param state 随机字符串,用于保持会话状态,防止CSRF攻击
 * @return full url
 */
- public static String getDingTalkQrConnectUrl(String clientId, String redirectUrl) {
- return MessageFormat.format(DING_TALK_QRCONNECT_PATTERN, AuthSource.DINGTALK.authorize(), clientId, redirectUrl);
+ public static String getDingTalkQrConnectUrl(String clientId, String redirectUrl, String state) {
+ return MessageFormat.format(DING_TALK_QRCONNECT_PATTERN, AuthSource.DINGTALK.authorize(), clientId, redirectUrl, getState(state));
 }
 /**
@@ -261,10 +262,11 @@ public class UrlBuilder {
 *
 * @param clientId baidu 应用的API Key
 * @param redirectUrl baidu 应用授权成功后的回调地址
+ * @param state 随机字符串,用于保持会话状态,防止CSRF攻击
 * @return json
 */
- public static String getBaiduAuthorizeUrl(String clientId, String redirectUrl) {
- return MessageFormat.format(BAIDU_AUTHORIZE_PATTERN, AuthSource.BAIDU.authorize(), clientId, redirectUrl);
+ public static String getBaiduAuthorizeUrl(String clientId, String redirectUrl, String state) {
+ return MessageFormat.format(BAIDU_AUTHORIZE_PATTERN, AuthSource.BAIDU.authorize(), clientId, redirectUrl, getState(state));
 }
 /**
@@ -305,10 +307,11 @@ public class UrlBuilder {
 *
 * @param clientId csdn 应用的Client ID
 * @param redirectUrl csdn 应用授权成功后的回调地址
+ * @param state 随机字符串,用于保持会话状态,防止CSRF攻击
 * @return full url
 */
- public static String getCsdnAuthorizeUrl(String clientId, String redirectUrl) {
- return MessageFormat.format(CSDN_AUTHORIZE_PATTERN, AuthSource.CSDN.authorize(), clientId, redirectUrl);
+ public static String getCsdnAuthorizeUrl(String clientId, String redirectUrl, String state) {
+ return MessageFormat.format(CSDN_AUTHORIZE_PATTERN, AuthSource.CSDN.authorize(), clientId, redirectUrl, getState(state));
 }
 /**
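Review bot: `getState(state)` is interpolated straight into the query string in `getDingTalkQrConnectUrl`, and likewise in the Baidu and CSDN methods of this hunk and in every authorize method of the following hunks through `getToutiaoAuthorizeUrl`, with no URL-encoding; `getState` itself is not part of this diff, so whether it encodes or only substitutes a default cannot be confirmed from here. A caller-supplied state containing `&`, `#`, `+`, `%` or non-ASCII characters would either corrupt the URL or come back from the provider in a different form, so the later comparison against the stored state fails and a legitimate login is rejected. Encoding once inside `getState`, e.g. `URLEncoder.encode(state, "UTF-8")` on the value it returns (the two-argument overload throws a checked `UnsupportedEncodingException` that can be wrapped), would cover every call site at once. The `redirectUrl` argument has the same exposure but predates this change.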
@@ -338,10 +341,11 @@ public class UrlBuilder {
 *
 * @param clientId coding 应用的Client ID
 * @param redirectUrl coding 应用授权成功后的回调地址
+ * @param state 随机字符串,用于保持会话状态,防止CSRF攻击
 * @return full url
 */
- public static String getCodingAuthorizeUrl(String clientId, String redirectUrl) {
- return MessageFormat.format(CODING_AUTHORIZE_PATTERN, AuthSource.CODING.authorize(), clientId, redirectUrl);
+ public static String getCodingAuthorizeUrl(String clientId, String redirectUrl, String state) {
+ return MessageFormat.format(CODING_AUTHORIZE_PATTERN, AuthSource.CODING.authorize(), clientId, redirectUrl, getState(state));
 }
 /**
@@ -371,10 +375,11 @@ public class UrlBuilder {
 *
 * @param clientId coding 应用的Client ID
 * @param redirectUrl coding 应用授权成功后的回调地址
+ * @param state 随机字符串,用于保持会话状态,防止CSRF攻击
 * @return full url
 */
- public static String getTencentCloudAuthorizeUrl(String clientId, String redirectUrl) {
- return MessageFormat.format(TENCENT_AUTHORIZE_PATTERN, AuthSource.TENCENT_CLOUD.authorize(), clientId, redirectUrl);
+ public static String getTencentCloudAuthorizeUrl(String clientId, String redirectUrl, String state) {
+ return MessageFormat.format(TENCENT_AUTHORIZE_PATTERN, AuthSource.TENCENT_CLOUD.authorize(), clientId, redirectUrl, getState(state));
 }
 /**
@@ -405,10 +410,11 @@ public class UrlBuilder {
 *
 * @param clientId oschina 应用的Client ID
 * @param redirectUrl oschina 应用授权成功后的回调地址
+ * @param state 随机字符串,用于保持会话状态,防止CSRF攻击
 * @return full url
 */
- public static String getOschinaAuthorizeUrl(String clientId, String redirectUrl) {
- return MessageFormat.format(OSCHINA_AUTHORIZE_PATTERN, AuthSource.OSCHINA.authorize(), clientId, redirectUrl);
+ public static String getOschinaAuthorizeUrl(String clientId, String redirectUrl, String state) {
+ return MessageFormat.format(OSCHINA_AUTHORIZE_PATTERN, AuthSource.OSCHINA.authorize(), clientId, redirectUrl, getState(state));
 }
 /**
@@ -441,10 +447,11 @@ public class UrlBuilder {
 *
 * @param clientId qq 应用的Client ID
 * @param redirectUrl qq 应用授权成功后的回调地址
+ * @param state 随机字符串,用于保持会话状态,防止CSRF攻击
 * @return full url
 */
- public static String getQqAuthorizeUrl(String clientId, String redirectUrl) {
- return MessageFormat.format(QQ_AUTHORIZE_PATTERN, AuthSource.QQ.authorize(), clientId, redirectUrl, System.currentTimeMillis());
+ public static String getQqAuthorizeUrl(String clientId, String redirectUrl, String state) {
+ return MessageFormat.format(QQ_AUTHORIZE_PATTERN, AuthSource.QQ.authorize(), clientId, redirectUrl, getState(state));
 }
 /**
@@ -464,10 +471,11 @@ public class UrlBuilder {
 *
 * @param clientId alipay 应用的Client ID
 * @param redirectUrl alipay 应用授权成功后的回调地址
+ * @param state 随机字符串,用于保持会话状态,防止CSRF攻击
 * @return full url
 */
- public static String getAlipayAuthorizeUrl(String clientId, String redirectUrl) {
- return MessageFormat.format(ALIPAY_AUTHORIZE_PATTERN, AuthSource.ALIPAY.authorize(), clientId, redirectUrl);
+ public static String getAlipayAuthorizeUrl(String clientId, String redirectUrl, String state) {
+ return MessageFormat.format(ALIPAY_AUTHORIZE_PATTERN, AuthSource.ALIPAY.authorize(), clientId, redirectUrl, getState(state));
 }
 /**
@@ -475,11 +483,11 @@ public class UrlBuilder {
 *
 * @param clientId 微信 应用的appid
 * @param redirectUrl 微信 应用授权成功后的回调地址
+ * @param state 随机字符串,用于保持会话状态,防止CSRF攻击
 * @return full url
 */
- public static String getWeChatAuthorizeUrl(String clientId, String redirectUrl) {
- return MessageFormat.format(WECHAT_AUTHORIZE_PATTERN, AuthSource.WECHAT.authorize(), clientId, redirectUrl, System
- .currentTimeMillis());
+ public static String getWeChatAuthorizeUrl(String clientId, String redirectUrl, String state) {
+ return MessageFormat.format(WECHAT_AUTHORIZE_PATTERN, AuthSource.WECHAT.authorize(), clientId, redirectUrl, getState(state));
 }
 /**
@@ -534,11 +542,11 @@ public class UrlBuilder {
 *
 * @param clientId Taobao 应用的Client ID
 * @param redirectUrl Taobao 应用授权成功后的回调地址
+ * @param state 随机字符串,用于保持会话状态,防止CSRF攻击
 * @return full url
 */
- public static String getTaobaoAuthorizeUrl(String clientId, String redirectUrl) {
- return MessageFormat.format(TAOBAO_AUTHORIZE_PATTERN, AuthSource.TAOBAO.authorize(), clientId, redirectUrl, System
- .currentTimeMillis());
+ public static String getTaobaoAuthorizeUrl(String clientId, String redirectUrl, String state) {
+ return MessageFormat.format(TAOBAO_AUTHORIZE_PATTERN, AuthSource.TAOBAO.authorize(), clientId, redirectUrl, getState(state));
 }
 /**
@@ -546,11 +554,11 @@ public class UrlBuilder {
 *
 * @param clientId google 应用的Client ID
 * @param redirectUrl google 应用授权成功后的回调地址
+ * @param state 随机字符串,用于保持会话状态,防止CSRF攻击
 * @return full url
 */
- public static String getGoogleAuthorizeUrl(String clientId, String redirectUrl) {
- return MessageFormat.format(GOOGLE_AUTHORIZE_PATTERN, AuthSource.GOOGLE.authorize(), clientId, redirectUrl, System
- .currentTimeMillis());
+ public static String getGoogleAuthorizeUrl(String clientId, String redirectUrl, String state) {
+ return MessageFormat.format(GOOGLE_AUTHORIZE_PATTERN, AuthSource.GOOGLE.authorize(), clientId, redirectUrl, getState(state));
 }
 /**
@@ -581,11 +589,11 @@ public class UrlBuilder {
 *
 * @param clientId Facebook 应用的Client ID
 * @param redirectUrl Facebook 应用授权成功后的回调地址
+ * @param state 随机字符串,用于保持会话状态,防止CSRF攻击
 * @return full url
 */
- public static String getFacebookAuthorizeUrl(String clientId, String redirectUrl) {
- return MessageFormat.format(FACEBOOK_AUTHORIZE_PATTERN, AuthSource.FACEBOOK.authorize(), clientId, redirectUrl, System
- .currentTimeMillis());
+ public static String getFacebookAuthorizeUrl(String clientId, String redirectUrl, String state) {
+ return MessageFormat.format(FACEBOOK_AUTHORIZE_PATTERN, AuthSource.FACEBOOK.authorize(), clientId, redirectUrl, getState(state));
 }
 /**
@@ -616,11 +624,11 @@ public class UrlBuilder {
 *
 * @param clientId Douyin 应用的Client ID
 * @param redirectUrl Douyin 应用授权成功后的回调地址
+ * @param state 随机字符串,用于保持会话状态,防止CSRF攻击
 * @return full url
 */
- public static String getDouyinAuthorizeUrl(String clientId, String redirectUrl) {
- return MessageFormat.format(DOUYIN_AUTHORIZE_PATTERN, AuthSource.DOUYIN.authorize(), clientId, redirectUrl, System
- .currentTimeMillis());
+ public static String getDouyinAuthorizeUrl(String clientId, String redirectUrl, String state) {
+ return MessageFormat.format(DOUYIN_AUTHORIZE_PATTERN, AuthSource.DOUYIN.authorize(), clientId, redirectUrl, getState(state));
 }
 /**
@@ -662,11 +670,11 @@ public class UrlBuilder {
 *
 * @param clientId Linkedin 应用的Client ID
 * @param redirectUrl Linkedin 应用授权成功后的回调地址
+ * @param state 随机字符串,用于保持会话状态,防止CSRF攻击
 * @return full url
 */
- public static String getLinkedinAuthorizeUrl(String clientId, String redirectUrl) {
- return MessageFormat.format(LINKEDIN_AUTHORIZE_PATTERN, AuthSource.LINKEDIN.authorize(), clientId, redirectUrl, System
- .currentTimeMillis());
+ public static String getLinkedinAuthorizeUrl(String clientId, String redirectUrl, String state) {
+ return MessageFormat.format(LINKEDIN_AUTHORIZE_PATTERN, AuthSource.LINKEDIN.authorize(), clientId, redirectUrl, state);
 }
 /**
@@ -708,11 +716,11 @@ public class UrlBuilder {
 *
 * @param clientId 微软 应用的Client ID
 * @param redirectUrl 微软 应用授权成功后的回调地址
+ * @param state 随机字符串,用于保持会话状态,防止CSRF攻击
 * @return full url
 */
- public static String getMicrosoftAuthorizeUrl(String clientId, String redirectUrl) {
- return MessageFormat.format(MICROSOFT_AUTHORIZE_PATTERN, AuthSource.MICROSOFT.authorize(), clientId, redirectUrl, System
- .currentTimeMillis());
+ public static String getMicrosoftAuthorizeUrl(String clientId, String redirectUrl, String state) {
+ return MessageFormat.format(MICROSOFT_AUTHORIZE_PATTERN, AuthSource.MICROSOFT.authorize(), clientId, redirectUrl, getState(state));
 }
 /**
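Review bot: `getLinkedinAuthorizeUrl` passes `state` straight through while every sibling in this diff, including `getDouyinAuthorizeUrl` and `getMicrosoftAuthorizeUrl` in the same hunk, passes `getState(state)`. Whatever normalisation `getState` performs is not visible in the diff (presumably a default for a missing value), but it is skipped for LinkedIn only, so a config without a state would format as `state=null` here and the callback-side comparison would behave differently from every other provider. The line should read `return MessageFormat.format(LINKEDIN_AUTHORIZE_PATTERN, AuthSource.LINKEDIN.authorize(), clientId, redirectUrl, getState(state));`.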
@@ -755,10 +763,11 @@ public class UrlBuilder {
 *
 * @param clientId 小米 应用的Client ID
 * @param redirectUrl 小米 应用授权成功后的回调地址
+ * @param state 随机字符串,用于保持会话状态,防止CSRF攻击
 * @return full url
 */
- public static String getMiAuthorizeUrl(String clientId, String redirectUrl) {
- return MessageFormat.format(MI_AUTHORIZE_PATTERN, AuthSource.MI.authorize(), clientId, redirectUrl, System.currentTimeMillis());
+ public static String getMiAuthorizeUrl(String clientId, String redirectUrl, String state) {
+ return MessageFormat.format(MI_AUTHORIZE_PATTERN, AuthSource.MI.authorize(), clientId, redirectUrl, getState(state));
 }
 /**
@@ -803,11 +812,11 @@ public class UrlBuilder {
 *
 * @param clientId 今日头条 应用的Client ID
 * @param redirectUrl 今日头条 应用授权成功后的回调地址
+ * @param state 随机字符串,用于保持会话状态,防止CSRF攻击
 * @return full url
 */
- public static String getToutiaoAuthorizeUrl(String clientId, String redirectUrl) {
- return MessageFormat.format(TOUTIAO_AUTHORIZE_PATTERN, AuthSource.TOUTIAO.authorize(), clientId, redirectUrl, System
- .currentTimeMillis());
+ public static String getToutiaoAuthorizeUrl(String clientId, String redirectUrl, String state) {
+ return MessageFormat.format(TOUTIAO_AUTHORIZE_PATTERN, AuthSource.TOUTIAO.authorize(), clientId, redirectUrl, getState(state));
 }
 /**
diff --git a/src/test/java/me/zhyd/oauth/AuthRequestTest.java b/src/test/java/me/zhyd/oauth/AuthRequestTest.java
index 0bd0df6743047fd50fba374c91789f5a1ec302b3..713210eab85b4ca4c179acd10a26c81dfd92c9d2 100644
--- a/src/test/java/me/zhyd/oauth/AuthRequestTest.java
+++ b/src/test/java/me/zhyd/oauth/AuthRequestTest.java
@@ -1,6 +1,7 @@
 package me.zhyd.oauth;
 import me.zhyd.oauth.config.AuthConfig;
+import me.zhyd.oauth.model.AuthCallback;
 import me.zhyd.oauth.model.AuthResponse;
 import me.zhyd.oauth.request.*;
 import org.junit.Test;
@@ -18,11 +19,12 @@ public class AuthRequestTest {
 .clientId("clientId")
 .clientSecret("clientSecret")
 .redirectUri("redirectUri")
+ .state("state")
 .build());
 // 返回授权页面,可自行调整
 authRequest.authorize();
 // 授权登录后会返回一个code,用这个code进行登录
- authRequest.login("code");
+ authRequest.login(new AuthCallback());
 }
 @Test
@@ -31,11 +33,12 @@ public class AuthRequestTest {
 .clientId("clientId")
 .clientSecret("clientSecret")
 .redirectUri("redirectUri")
+ .state("state")
 .build());
 // 返回授权页面,可自行调整
 authRequest.authorize();
 // 授权登录后会返回一个code,用这个code进行登录
- authRequest.login("code");
+ authRequest.login(new AuthCallback());
 }
 @Test
@@ -48,7 +51,7 @@ public class AuthRequestTest {
 // 返回授权页面,可自行调整
 authRequest.authorize();
 // 授权登录后会返回一个code,用这个code进行登录
- authRequest.login("code");
+ authRequest.login(new AuthCallback());
 }
 @Test
@@ -57,11 +60,12 @@ public class AuthRequestTest {
 .clientId("clientId")
 .clientSecret("clientSecret")
 .redirectUri("redirectUri")
+ .state("state")
 .build());
 // 返回授权页面,可自行调整
 String url = authRequest.authorize();
 // 授权登录后会返回一个code,用这个code进行登录
- authRequest.login("code");
+ authRequest.login(new AuthCallback());
 }
 @Test
@@ -70,11 +74,12 @@ public class AuthRequestTest {
 .clientId("clientId")
 .clientSecret("clientSecret")
 .redirectUri("redirectUri")
+ .state("state")
 .build());
 // 返回授权页面,可自行调整
 String url = authRequest.authorize();
 // 授权登录后会返回一个code,用这个code进行登录
- authRequest.login("code");
+ authRequest.login(new AuthCallback());
 }
 @Test
@@ -83,11 +88,12 @@ public class AuthRequestTest {
 .clientId("clientId")
 .clientSecret("clientSecret")
 .redirectUri("redirectUri")
+ .state("state")
 .build());
 // 返回授权页面,可自行调整
 String url = authRequest.authorize();
 // 授权登录后会返回一个code,用这个code进行登录
- authRequest.login("code");
+ authRequest.login(new AuthCallback());
 }
 @Test
@@ -96,11 +102,12 @@ public class AuthRequestTest {
 .clientId("clientId")
 .clientSecret("clientSecret")
 .redirectUri("redirectUri")
+ .state("state")
 .build());
 // 返回授权页面,可自行调整
 String url = authRequest.authorize();
 // 授权登录后会返回一个code,用这个code进行登录
- authRequest.login("code");
+ authRequest.login(new AuthCallback());
 }
 @Test
@@ -109,11 +116,26 @@ public class AuthRequestTest {
 .clientId("clientId")
 .clientSecret("clientSecret")
 .redirectUri("redirectUri")
+ .state("state")
 .build());
 // 返回授权页面,可自行调整
 String url = authRequest.authorize();
 // 授权登录后会返回一个code,用这个code进行登录
- authRequest.login("code");
+ authRequest.login(new AuthCallback());
+ }
+
+ @Test
+ public void alipayTest() {
+ AuthRequest authRequest = new AuthAlipayRequest(AuthConfig.builder()
+ .clientId("clientId")
+ .clientSecret("clientSecret")
+ .redirectUri("redirectUri")
+ .state("state")
+ .build());
+ // 返回授权页面,可自行调整
+ String url = authRequest.authorize();
+ // 授权登录后会返回一个code,用这个code进行登录
+ AuthResponse login = authRequest.login(new AuthCallback());
 }
 @Test
@@ -122,11 +144,12 @@ public class AuthRequestTest {
 .clientId("clientId")
 .clientSecret("clientSecret")
 .redirectUri("redirectUri")
+ .state("state")
 .build());
 // 返回授权页面,可自行调整
 String url = authRequest.authorize();
 // 授权登录后会返回一个code,用这个code进行登录
- AuthResponse login = authRequest.login("code");
+ AuthResponse login = authRequest.login(new AuthCallback());
 }
 @Test
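Review bot: The new `alipayTest` (and `taobaoTest`, `douyinTest`, `linkedinTest` and `toutiaoTest` in the following hunks) assigns `url` and `login` but asserts nothing, so it cannot detect a regression in the state handling this commit introduces; `new AuthCallback()` also carries neither a code nor a state, so `login` is exercised with an empty callback and whatever it returns or throws is discarded. At minimum the authorize URL should be checked for the configured state, e.g. `Assert.assertTrue(url.contains("state=state"));` using `org.junit.Assert`, and the empty-callback login should assert the failure response it produces rather than ignore it. The pre-existing tests this hunk updates have the same gap, though that predates the commit.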
@@ -135,11 +158,26 @@ public class AuthRequestTest {
 .clientId("clientId")
 .clientSecret("clientSecret")
 .redirectUri("redirectUri")
+ .state("state")
 .build());
 // 返回授权页面,可自行调整
 String url = authRequest.authorize();
 // 授权登录后会返回一个code,用这个code进行登录
- AuthResponse login = authRequest.login("code");
+ AuthResponse login = authRequest.login(new AuthCallback());
+ }
+
+ @Test
+ public void taobaoTest() {
+ AuthRequest authRequest = new AuthTaobaoRequest(AuthConfig.builder()
+ .clientId("clientId")
+ .clientSecret("clientSecret")
+ .redirectUri("redirectUri")
+ .state("state")
+ .build());
+ // 返回授权页面,可自行调整
+ String url = authRequest.authorize();
+ // 授权登录后会返回一个code,用这个code进行登录
+ AuthResponse login = authRequest.login(new AuthCallback());
 }
 @Test
@@ -148,11 +186,12 @@ public class AuthRequestTest {
 .clientId("clientId")
 .clientSecret("clientSecret")
 .redirectUri("redirectUri")
+ .state("state")
 .build());
 // 返回授权页面,可自行调整
 String url = authRequest.authorize();
 // 授权登录后会返回一个code,用这个code进行登录
- AuthResponse login = authRequest.login("code");
+ AuthResponse login = authRequest.login(new AuthCallback());
 }
 @Test
@@ -161,11 +200,40 @@ public class AuthRequestTest {
 .clientId("clientId")
 .clientSecret("clientSecret")
 .redirectUri("redirectUri")
+ .state("state")
+ .build());
+ // 返回授权页面,可自行调整
+ String url = authRequest.authorize();
+ // 授权登录后会返回一个code,用这个code进行登录
+ AuthResponse login = authRequest.login(new AuthCallback());
+ }
+
+ @Test
+ public void douyinTest() {
+ AuthRequest authRequest = new AuthDouyinRequest(AuthConfig.builder()
+ .clientId("clientId")
+ .clientSecret("clientSecret")
+ .redirectUri("redirectUri")
+ .state("state")
 .build());
 // 返回授权页面,可自行调整
 String url = authRequest.authorize();
 // 授权登录后会返回一个code,用这个code进行登录
- AuthResponse login = authRequest.login("code");
+ AuthResponse login = authRequest.login(new AuthCallback());
+ }
+
+ @Test
+ public void linkedinTest() {
+ AuthRequest authRequest = new AuthLinkedinRequest(AuthConfig.builder()
+ .clientId("clientId")
+ .clientSecret("clientSecret")
+ .redirectUri("redirectUri")
+ .state("state")
+ .build());
+ // 返回授权页面,可自行调整
+ String url = authRequest.authorize();
+ // 授权登录后会返回一个code,用这个code进行登录
+ AuthResponse login = authRequest.login(new AuthCallback());
 }
 @Test
@@ -174,11 +242,12 @@ public class AuthRequestTest {
 .clientId("clientId")
 .clientSecret("clientSecret")
 .redirectUri("redirectUri")
+ .state("state")
 .build());
 // 返回授权页面,可自行调整
 String url = authRequest.authorize();
 // 授权登录后会返回一个code,用这个code进行登录
- AuthResponse login = authRequest.login("code");
+ AuthResponse login = authRequest.login(new AuthCallback());
 }
 @Test
@@ -187,10 +256,25 @@ public class AuthRequestTest {
 .clientId("clientId")
 .clientSecret("clientSecret")
 .redirectUri("redirectUri")
+ .state("state")
+ .build());
+ // 返回授权页面,可自行调整
+ String url = authRequest.authorize();
+ // 授权登录后会返回一个code,用这个code进行登录
+ AuthResponse login = authRequest.login(new AuthCallback());
+ }
+
+ @Test
+ public void toutiaoTest() {
+ AuthRequest authRequest = new AuthToutiaoRequest(AuthConfig.builder()
+ .clientId("clientId")
+ .clientSecret("clientSecret")
+ .redirectUri("redirectUri")
+ .state("state")
 .build());
 // 返回授权页面,可自行调整
 String url = authRequest.authorize();
 // 授权登录后会返回一个code,用这个code进行登录
- AuthResponse login = authRequest.login("code");
+ AuthResponse login = authRequest.login(new AuthCallback());
 }
 }
diff --git a/update.md b/update.md
index 785a3d7ab362401e1c906ebcffd72bd2cac9f29d..f875c77bb546e1e89b78e88df11189c0a8c2284f 100644
--- a/update.md
+++ b/update.md
@@ -1,6 +1,6 @@
 ### 2019/06/28
 1. 修复百度登录获取不到token失效时间的问题
-2. gitee增加state参数校验
+2. 增加state参数校验,预防CSRF。强烈建议启用state!
 ### 2019/06/27
 1. 修改login方法的参数为AuthCallback,封装回调返回的参数