diff --git a/pom.xml b/pom.xml
index 826a658c7d6550902a2f1553c24a24fffd021f06..a445b72084161f902287ab374f8fe4dc1f42be65 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,7 +6,7 @@
me.zhyd.oauth
JustAuth
- 1.7.1
+ 1.8.0
JustAuth
https://gitee.com/yadong.zhang/JustAuth
diff --git a/src/main/java/me/zhyd/oauth/config/AuthConfig.java b/src/main/java/me/zhyd/oauth/config/AuthConfig.java
index 3ea5554abee2c2dd6c8f0a5763e393fff72f24a0..8b1f7da07eebfb75e1e6a16624e7e13b7a42b1a1 100644
--- a/src/main/java/me/zhyd/oauth/config/AuthConfig.java
+++ b/src/main/java/me/zhyd/oauth/config/AuthConfig.java
@@ -40,6 +40,15 @@ public class AuthConfig {
* 是否需要申请unionid,目前只针对qq登录
* 注:qq授权登录时,获取unionid需要单独发送邮件申请权限。如果个人开发者账号中申请了该权限,可以将该值置为true,在获取openId时就会同步获取unionId
* 参考链接:http://wiki.connect.qq.com/unionid%E4%BB%8B%E7%BB%8D
+ *
+ * 1.7.1版本新增参数
*/
private boolean unionId;
+
+ /**
+ * 一个神奇的参数,最好使用随机的不可测的内容,可以用来防止CSRF攻击
+ *
+ * 1.8.0版本新增参数
+ */
+ private String state;
}
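Review bot: `state` is declared on AuthConfig, the per-application configuration object, so a single value is reused for every authorization request of every user; a value that is fixed once at configuration time cannot bind a callback to the browser session that started the flow, which is what the CSRF protection of `state` relies on, even if the configured string is random. The Javadoc should say so rather than only recommending random content, e.g. `/** Optional state value sent on the authorize URL. NOTE: this is one value shared by all requests; it gives only basic tamper detection. For real CSRF protection generate a fresh unpredictable state per authorization request and bind it to the user session. Added in 1.8.0. */`. The reviewer cannot tell from the visible hunks whether anything compares the returned state against this value, so that behaviour should be documented here as well.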
diff --git a/src/main/java/me/zhyd/oauth/model/AuthCallback.java b/src/main/java/me/zhyd/oauth/model/AuthCallback.java
new file mode 100644
index 0000000000000000000000000000000000000000..fbc08edf54cba9c32d205464711cdbefba05281d
--- /dev/null
+++ b/src/main/java/me/zhyd/oauth/model/AuthCallback.java
@@ -0,0 +1,31 @@
+package me.zhyd.oauth.model;
+
+import lombok.Getter;
+import lombok.Setter;
+
+/**
+ * 授权回调时的参数类
+ *
+ * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
+ * @version 1.0
+ * @since 1.8
+ */
+@Getter
+@Setter
+public class AuthCallback {
+
+ /**
+ * 访问AuthorizeUrl后回调时带的参数code
+ */
+ private String code;
+
+ /**
+ * 访问AuthorizeUrl后回调时带的参数auth_code,该参数目前只使用于支付宝登录
+ */
+ private String auth_code;
+
+ /**
+ * 访问AuthorizeUrl后回调时带的参数state,用于和请求AuthorizeUrl前的state比较,防止CSRF攻击
+ */
+ private String state;
+}
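Review bot: The field `auth_code` breaks Java naming and, with `@Getter`/`@Setter`, Lombok will generate `getAuth_code()`/`setAuth_code()`, which reads oddly next to `getCode()` and `getState()`; rename it to `private String authCode;` and document that it maps to the `auth_code` callback parameter. If callers populate this class by reflecting parameter names onto fields, the rename needs a matching mapping, which the diff does not show. The Javadoc on `state` promises a comparison with the pre-authorize state; the class itself cannot perform it, so the sentence should point to where the check lives or be phrased as "expected to be compared by the caller".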
diff --git a/src/main/java/me/zhyd/oauth/model/AuthResponse.java b/src/main/java/me/zhyd/oauth/model/AuthResponse.java
index b98573659142df3a66b9cda8b0189ed202e6d6db..04f9ceb5260c9bec77b445a2eefb690b1e69a302 100644
--- a/src/main/java/me/zhyd/oauth/model/AuthResponse.java
+++ b/src/main/java/me/zhyd/oauth/model/AuthResponse.java
@@ -1,7 +1,8 @@
package me.zhyd.oauth.model;
import lombok.Builder;
-import lombok.Data;
+import lombok.Getter;
+import lombok.Setter;
import me.zhyd.oauth.request.ResponseStatus;
/**
@@ -11,8 +12,9 @@ import me.zhyd.oauth.request.ResponseStatus;
* @version 1.0
* @since 1.8
*/
+@Getter
+@Setter
@Builder
-@Data
public class AuthResponse {
/**
* 授权响应状态码
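Review bot: Replacing `@Data` with `@Getter`/`@Setter` silently drops the Lombok-generated `equals`, `hashCode` and `toString` on AuthResponse, and the same change is made in the AuthToken and AuthUser hunks; any caller that compares AuthUser instances by value or puts them in hash-based collections changes behaviour without a compile error. For AuthToken the removal of `toString` is arguably desirable, since it keeps `accessToken` and similar secrets from being printed through incidental logging, but that intent is not recorded anywhere. I would add a class Javadoc sentence such as `Value semantics (equals/hashCode/toString) are intentionally not generated; tokens must not be rendered via toString.` on AuthToken, and either keep `@EqualsAndHashCode` on AuthResponse/AuthUser or document the break.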
diff --git a/src/main/java/me/zhyd/oauth/model/AuthToken.java b/src/main/java/me/zhyd/oauth/model/AuthToken.java
index 37dcfd465beccbecebad9d3c84fefe4f42fe43a1..472d3d667a8f7ac3f1d856872b1e85659826a294 100644
--- a/src/main/java/me/zhyd/oauth/model/AuthToken.java
+++ b/src/main/java/me/zhyd/oauth/model/AuthToken.java
@@ -2,6 +2,8 @@ package me.zhyd.oauth.model;
import lombok.Builder;
import lombok.Data;
+import lombok.Getter;
+import lombok.Setter;
/**
* 授权所需的token
@@ -10,7 +12,8 @@ import lombok.Data;
* @version 1.0
* @since 1.8
*/
-@Data
+@Getter
+@Setter
@Builder
public class AuthToken {
private String accessToken;
diff --git a/src/main/java/me/zhyd/oauth/model/AuthUser.java b/src/main/java/me/zhyd/oauth/model/AuthUser.java
index 35a5d02d99de0b6cfb4b1be878bf52d0c5818e3b..aca19f1a632d328832b7dca5bb4d23b0d7ec8a14 100644
--- a/src/main/java/me/zhyd/oauth/model/AuthUser.java
+++ b/src/main/java/me/zhyd/oauth/model/AuthUser.java
@@ -2,6 +2,8 @@ package me.zhyd.oauth.model;
import lombok.Builder;
import lombok.Data;
+import lombok.Getter;
+import lombok.Setter;
import me.zhyd.oauth.config.AuthSource;
/**
@@ -11,8 +13,9 @@ import me.zhyd.oauth.config.AuthSource;
* @version 1.0
* @since 1.8
*/
+@Getter
+@Setter
@Builder
-@Data
public class AuthUser {
/**
* 用户名
diff --git a/src/main/java/me/zhyd/oauth/request/AuthAlipayRequest.java b/src/main/java/me/zhyd/oauth/request/AuthAlipayRequest.java
index db414ae95805b44ccf76917cd9f2f741fb8e5af5..06196b0f5bcfd7df860354a61aee471b135456b1 100644
--- a/src/main/java/me/zhyd/oauth/request/AuthAlipayRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthAlipayRequest.java
@@ -10,6 +10,7 @@ import com.alipay.api.response.AlipayUserInfoShareResponse;
import me.zhyd.oauth.config.AuthConfig;
import me.zhyd.oauth.config.AuthSource;
import me.zhyd.oauth.exception.AuthException;
+import me.zhyd.oauth.model.AuthCallback;
import me.zhyd.oauth.model.AuthToken;
import me.zhyd.oauth.model.AuthUser;
import me.zhyd.oauth.model.AuthUserGender;
@@ -34,15 +35,15 @@ public class AuthAlipayRequest extends BaseAuthRequest {
}
@Override
- protected AuthToken getAccessToken(String code) {
+ protected AuthToken getAccessToken(AuthCallback authCallback) {
AlipaySystemOauthTokenRequest request = new AlipaySystemOauthTokenRequest();
request.setGrantType("authorization_code");
- request.setCode(code);
+ request.setCode(authCallback.getCode());
AlipaySystemOauthTokenResponse response = null;
try {
response = this.alipayClient.execute(request);
} catch (Exception e) {
- throw new AuthException("Unable to get token from alipay using code [" + code + "]", e);
+ throw new AuthException("Unable to get token from alipay using code [" + authCallback.getCode() + "]", e);
}
if (!response.isSuccess()) {
throw new AuthException(response.getSubMsg());
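Review bot: `request.setCode(authCallback.getCode())` reads the `code` field, yet the new AuthCallback class documents `auth_code` as the parameter used specifically for Alipay login; if Alipay's callback indeed carries `auth_code`, this method will send a null code to the token endpoint and the failure will only surface as the exception message `Unable to get token from alipay using code [null]`. Either read `authCallback.getAuth_code()` here (with a fallback to `getCode()` if both are possible), or correct the AuthCallback Javadoc so the two agree. The `catch (Exception e)` on the client call is broad; catching the Alipay SDK's checked exception type would keep programming errors visible. getAccessToken continues past the end of this hunk.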
diff --git a/src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java b/src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java
index ff743d4967a8cb3b0ce20f93e9b695a94d1c9f3c..6eb936d986ef2f8196ee9a7cc19a2fddff71533b 100644
--- a/src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java
@@ -23,8 +23,8 @@ public class AuthBaiduRequest extends BaseAuthRequest {
}
@Override
- protected AuthToken getAccessToken(String code) {
- String accessTokenUrl = UrlBuilder.getBaiduAccessTokenUrl(config.getClientId(), config.getClientSecret(), code, config
+ protected AuthToken getAccessToken(AuthCallback authCallback) {
+ String accessTokenUrl = UrlBuilder.getBaiduAccessTokenUrl(config.getClientId(), config.getClientSecret(), authCallback.getCode(), config
.getRedirectUri());
HttpResponse response = HttpRequest.post(accessTokenUrl).execute();
JSONObject accessTokenObject = JSONObject.parseObject(response.body());
diff --git a/src/main/java/me/zhyd/oauth/request/AuthCodingRequest.java b/src/main/java/me/zhyd/oauth/request/AuthCodingRequest.java
index 66f714353f49d5c793833bcfacab04dbfe1bb127..0ad822ad306d73c6415a6f0b5078fb1fb16c20ce 100644
--- a/src/main/java/me/zhyd/oauth/request/AuthCodingRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthCodingRequest.java
@@ -6,6 +6,7 @@ import com.alibaba.fastjson.JSONObject;
import me.zhyd.oauth.config.AuthConfig;
import me.zhyd.oauth.config.AuthSource;
import me.zhyd.oauth.exception.AuthException;
+import me.zhyd.oauth.model.AuthCallback;
import me.zhyd.oauth.model.AuthToken;
import me.zhyd.oauth.model.AuthUser;
import me.zhyd.oauth.model.AuthUserGender;
@@ -25,12 +26,12 @@ public class AuthCodingRequest extends BaseAuthRequest {
}
@Override
- protected AuthToken getAccessToken(String code) {
- String accessTokenUrl = UrlBuilder.getCodingAccessTokenUrl(config.getClientId(), config.getClientSecret(), code);
+ protected AuthToken getAccessToken(AuthCallback authCallback) {
+ String accessTokenUrl = UrlBuilder.getCodingAccessTokenUrl(config.getClientId(), config.getClientSecret(), authCallback.getCode());
HttpResponse response = HttpRequest.get(accessTokenUrl).execute();
JSONObject accessTokenObject = JSONObject.parseObject(response.body());
if (accessTokenObject.getIntValue("code") != 0) {
- throw new AuthException("Unable to get token from coding using code [" + code + "]");
+ throw new AuthException("Unable to get token from coding using code [" + authCallback.getCode() + "]");
}
return AuthToken.builder().accessToken(accessTokenObject.getString("access_token")).build();
}
diff --git a/src/main/java/me/zhyd/oauth/request/AuthCsdnRequest.java b/src/main/java/me/zhyd/oauth/request/AuthCsdnRequest.java
index 858441bb1befa8cf340cc9729339217482657f13..9cee9a4c00ff6ad50f2ed202839a640982e9a681 100644
--- a/src/main/java/me/zhyd/oauth/request/AuthCsdnRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthCsdnRequest.java
@@ -6,6 +6,7 @@ import com.alibaba.fastjson.JSONObject;
import me.zhyd.oauth.config.AuthConfig;
import me.zhyd.oauth.config.AuthSource;
import me.zhyd.oauth.exception.AuthException;
+import me.zhyd.oauth.model.AuthCallback;
import me.zhyd.oauth.model.AuthToken;
import me.zhyd.oauth.model.AuthUser;
import me.zhyd.oauth.model.AuthUserGender;
@@ -25,13 +26,13 @@ public class AuthCsdnRequest extends BaseAuthRequest {
}
@Override
- protected AuthToken getAccessToken(String code) {
- String accessTokenUrl = UrlBuilder.getCsdnAccessTokenUrl(config.getClientId(), config.getClientSecret(), code, config
+ protected AuthToken getAccessToken(AuthCallback authCallback) {
+ String accessTokenUrl = UrlBuilder.getCsdnAccessTokenUrl(config.getClientId(), config.getClientSecret(), authCallback.getCode(), config
.getRedirectUri());
HttpResponse response = HttpRequest.post(accessTokenUrl).execute();
JSONObject accessTokenObject = JSONObject.parseObject(response.body());
if (accessTokenObject.containsKey("error_code")) {
- throw new AuthException("Unable to get token from csdn using code [" + code + "]");
+ throw new AuthException("Unable to get token from csdn using code [" + authCallback.getCode() + "]");
}
return AuthToken.builder().accessToken(accessTokenObject.getString("access_token")).build();
}
diff --git a/src/main/java/me/zhyd/oauth/request/AuthDingTalkRequest.java b/src/main/java/me/zhyd/oauth/request/AuthDingTalkRequest.java
index cf50b1313a41a0e150f206fbb6d866801a82d555..15262d9459cf3ea4b5a0dc372c0bb0a5bf51a34f 100644
--- a/src/main/java/me/zhyd/oauth/request/AuthDingTalkRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthDingTalkRequest.java
@@ -7,10 +7,7 @@ import com.alibaba.fastjson.JSONObject;
import me.zhyd.oauth.config.AuthConfig;
import me.zhyd.oauth.config.AuthSource;
import me.zhyd.oauth.exception.AuthException;
-import me.zhyd.oauth.model.AuthDingTalkErrorCode;
-import me.zhyd.oauth.model.AuthToken;
-import me.zhyd.oauth.model.AuthUser;
-import me.zhyd.oauth.model.AuthUserGender;
+import me.zhyd.oauth.model.*;
import me.zhyd.oauth.utils.GlobalAuthUtil;
import me.zhyd.oauth.utils.UrlBuilder;
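Review bot: The explicit model imports are collapsed into the wildcard `import me.zhyd.oauth.model.*;`, which most Java style guides reject because it hides which types the file depends on and can introduce ambiguity if another package on the import list gains a same-named class; the same replacement appears in the AuthDouyinRequest, AuthLinkedinRequest, AuthMiRequest, AuthMicrosoftRequest, AuthToutiaoRequest and AuthWeChatRequest hunks. The other request classes in this commit keep explicit imports and simply add `import me.zhyd.oauth.model.AuthCallback;`, so the change is also inconsistent within the commit. Keeping the four original imports and adding the single AuthCallback line matches the rest of the diff.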
@@ -28,8 +25,8 @@ public class AuthDingTalkRequest extends BaseAuthRequest {
}
@Override
- protected AuthToken getAccessToken(String code) {
- return AuthToken.builder().accessCode(code).build();
+ protected AuthToken getAccessToken(AuthCallback authCallback) {
+ return AuthToken.builder().accessCode(authCallback.getCode()).build();
}
@Override
diff --git a/src/main/java/me/zhyd/oauth/request/AuthDouyinRequest.java b/src/main/java/me/zhyd/oauth/request/AuthDouyinRequest.java
index a3ae4ee2425131c525db421802db91010fd534c0..c48c4022968c5ed1563993f9f5ef7e7b145b0ea1 100644
--- a/src/main/java/me/zhyd/oauth/request/AuthDouyinRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthDouyinRequest.java
@@ -6,10 +6,7 @@ import com.alibaba.fastjson.JSONObject;
import me.zhyd.oauth.config.AuthConfig;
import me.zhyd.oauth.config.AuthSource;
import me.zhyd.oauth.exception.AuthException;
-import me.zhyd.oauth.model.AuthResponse;
-import me.zhyd.oauth.model.AuthToken;
-import me.zhyd.oauth.model.AuthUser;
-import me.zhyd.oauth.model.AuthUserGender;
+import me.zhyd.oauth.model.*;
import me.zhyd.oauth.utils.UrlBuilder;
@@ -27,8 +24,8 @@ public class AuthDouyinRequest extends BaseAuthRequest {
}
@Override
- protected AuthToken getAccessToken(String code) {
- String accessTokenUrl = UrlBuilder.getDouyinAccessTokenUrl(config.getClientId(), config.getClientSecret(), code);
+ protected AuthToken getAccessToken(AuthCallback authCallback) {
+ String accessTokenUrl = UrlBuilder.getDouyinAccessTokenUrl(config.getClientId(), config.getClientSecret(), authCallback.getCode());
return this.getToken(accessTokenUrl);
}
diff --git a/src/main/java/me/zhyd/oauth/request/AuthFacebookRequest.java b/src/main/java/me/zhyd/oauth/request/AuthFacebookRequest.java
index 2f8e3c04a85e6d4e952bec0d4da6dc45bd2b52fc..014137bed5d67958f616c235f215a79fa4356dd6 100644
--- a/src/main/java/me/zhyd/oauth/request/AuthFacebookRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthFacebookRequest.java
@@ -6,6 +6,7 @@ import com.alibaba.fastjson.JSONObject;
import me.zhyd.oauth.config.AuthConfig;
import me.zhyd.oauth.config.AuthSource;
import me.zhyd.oauth.exception.AuthException;
+import me.zhyd.oauth.model.AuthCallback;
import me.zhyd.oauth.model.AuthToken;
import me.zhyd.oauth.model.AuthUser;
import me.zhyd.oauth.model.AuthUserGender;
@@ -25,9 +26,9 @@ public class AuthFacebookRequest extends BaseAuthRequest {
}
@Override
- protected AuthToken getAccessToken(String code) {
- String accessTokenUrl = UrlBuilder.getFacebookAccessTokenUrl(config.getClientId(), config.getClientSecret(), code, config
- .getRedirectUri());
+ protected AuthToken getAccessToken(AuthCallback authCallback) {
+ String accessTokenUrl = UrlBuilder.getFacebookAccessTokenUrl(config.getClientId(), config.getClientSecret(),
+ authCallback.getCode(), config.getRedirectUri());
HttpResponse response = HttpRequest.post(accessTokenUrl).execute();
JSONObject object = JSONObject.parseObject(response.body());
diff --git a/src/main/java/me/zhyd/oauth/request/AuthGiteeRequest.java b/src/main/java/me/zhyd/oauth/request/AuthGiteeRequest.java
index 1e3ae3b2398dd2ec322a75273de9a2501399369c..48333849a559c8c74010e4ce26034982254d1895 100644
--- a/src/main/java/me/zhyd/oauth/request/AuthGiteeRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthGiteeRequest.java
@@ -6,6 +6,7 @@ import com.alibaba.fastjson.JSONObject;
import me.zhyd.oauth.config.AuthConfig;
import me.zhyd.oauth.config.AuthSource;
import me.zhyd.oauth.exception.AuthException;
+import me.zhyd.oauth.model.AuthCallback;
import me.zhyd.oauth.model.AuthToken;
import me.zhyd.oauth.model.AuthUser;
import me.zhyd.oauth.model.AuthUserGender;
@@ -25,13 +26,13 @@ public class AuthGiteeRequest extends BaseAuthRequest {
}
@Override
- protected AuthToken getAccessToken(String code) {
- String accessTokenUrl = UrlBuilder.getGiteeAccessTokenUrl(config.getClientId(), config.getClientSecret(), code, config
- .getRedirectUri());
+ protected AuthToken getAccessToken(AuthCallback authCallback) {
+ String accessTokenUrl = UrlBuilder.getGiteeAccessTokenUrl(config.getClientId(), config.getClientSecret(),
+ authCallback.getCode(), config.getRedirectUri());
HttpResponse response = HttpRequest.post(accessTokenUrl).execute();
JSONObject accessTokenObject = JSONObject.parseObject(response.body());
if (accessTokenObject.containsKey("error")) {
- throw new AuthException("Unable to get token from gitee using code [" + code + "]");
+ throw new AuthException("Unable to get token from gitee using code [" + authCallback.getCode() + "]");
}
return AuthToken.builder().accessToken(accessTokenObject.getString("access_token")).build();
}
diff --git a/src/main/java/me/zhyd/oauth/request/AuthGithubRequest.java b/src/main/java/me/zhyd/oauth/request/AuthGithubRequest.java
index db7dcb22748d818d2dd2cad3cd1b556e4836c5ce..d7245a96059477033261e58a1a5ca2b11434e2a9 100644
--- a/src/main/java/me/zhyd/oauth/request/AuthGithubRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthGithubRequest.java
@@ -6,6 +6,7 @@ import com.alibaba.fastjson.JSONObject;
import me.zhyd.oauth.config.AuthConfig;
import me.zhyd.oauth.config.AuthSource;
import me.zhyd.oauth.exception.AuthException;
+import me.zhyd.oauth.model.AuthCallback;
import me.zhyd.oauth.model.AuthToken;
import me.zhyd.oauth.model.AuthUser;
import me.zhyd.oauth.model.AuthUserGender;
@@ -28,9 +29,8 @@ public class AuthGithubRequest extends BaseAuthRequest {
}
@Override
- protected AuthToken getAccessToken(String code) {
- String accessTokenUrl = UrlBuilder.getGithubAccessTokenUrl(config.getClientId(), config.getClientSecret(), code, config
- .getRedirectUri());
+ protected AuthToken getAccessToken(AuthCallback authCallback) {
+ String accessTokenUrl = UrlBuilder.getGithubAccessTokenUrl(config.getClientId(), config.getClientSecret(), authCallback.getCode(), config.getRedirectUri(), config.getState());
HttpResponse response = HttpRequest.post(accessTokenUrl).execute();
Map res = GlobalAuthUtil.parseStringToMap(response.body());
if (res.containsKey("error")) {
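Review bot: The callback's `state` is never compared with the expected value before the code is exchanged: `getGithubAccessTokenUrl(...)` is given `config.getState()`, the value the application configured, not `authCallback.getState()`, the value that came back, so a forged or replayed callback with the wrong state is still exchanged for a token. The check the AuthCallback Javadoc promises belongs before the exchange, e.g. `if (config.getState() != null && !config.getState().equals(authCallback.getState())) { throw new AuthException("state mismatch"); }`, or better in the shared BaseAuthRequest.login so every provider gets it; the AuthWeiboRequest hunks have the same gap. Passing `state` to the token endpoint is harmless but provides no verification on its own. The new URL-building line also exceeds the wrapping used in the Facebook/Gitee/Oschina hunks of this same commit. getAccessToken continues past the end of this hunk.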
@@ -68,6 +68,6 @@ public class AuthGithubRequest extends BaseAuthRequest {
*/
@Override
public String authorize() {
- return UrlBuilder.getGithubAuthorizeUrl(config.getClientId(), config.getRedirectUri());
+ return UrlBuilder.getGithubAuthorizeUrl(config.getClientId(), config.getRedirectUri(), config.getState());
}
}
diff --git a/src/main/java/me/zhyd/oauth/request/AuthGoogleRequest.java b/src/main/java/me/zhyd/oauth/request/AuthGoogleRequest.java
index 4e9176151e24eb5583d0a3ee303768306651e313..1edcf91679df68af49dbe9ad34eceaf5f5b7ed31 100644
--- a/src/main/java/me/zhyd/oauth/request/AuthGoogleRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthGoogleRequest.java
@@ -6,6 +6,7 @@ import com.alibaba.fastjson.JSONObject;
import me.zhyd.oauth.config.AuthConfig;
import me.zhyd.oauth.config.AuthSource;
import me.zhyd.oauth.exception.AuthException;
+import me.zhyd.oauth.model.AuthCallback;
import me.zhyd.oauth.model.AuthToken;
import me.zhyd.oauth.model.AuthUser;
import me.zhyd.oauth.model.AuthUserGender;
@@ -25,8 +26,8 @@ public class AuthGoogleRequest extends BaseAuthRequest {
}
@Override
- protected AuthToken getAccessToken(String code) {
- String accessTokenUrl = UrlBuilder.getGoogleAccessTokenUrl(config.getClientId(), config.getClientSecret(), code, config
+ protected AuthToken getAccessToken(AuthCallback authCallback) {
+ String accessTokenUrl = UrlBuilder.getGoogleAccessTokenUrl(config.getClientId(), config.getClientSecret(), authCallback.getCode(), config
.getRedirectUri());
HttpResponse response = HttpRequest.post(accessTokenUrl).execute();
JSONObject object = JSONObject.parseObject(response.body());
diff --git a/src/main/java/me/zhyd/oauth/request/AuthLinkedinRequest.java b/src/main/java/me/zhyd/oauth/request/AuthLinkedinRequest.java
index acdb664b525f35bd777506b727878bd78d10a8bd..6115bda0a7785065454ad9af0f323779fbc16747 100644
--- a/src/main/java/me/zhyd/oauth/request/AuthLinkedinRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthLinkedinRequest.java
@@ -7,10 +7,7 @@ import com.alibaba.fastjson.JSONObject;
import me.zhyd.oauth.config.AuthConfig;
import me.zhyd.oauth.config.AuthSource;
import me.zhyd.oauth.exception.AuthException;
-import me.zhyd.oauth.model.AuthResponse;
-import me.zhyd.oauth.model.AuthToken;
-import me.zhyd.oauth.model.AuthUser;
-import me.zhyd.oauth.model.AuthUserGender;
+import me.zhyd.oauth.model.*;
import me.zhyd.oauth.utils.StringUtils;
import me.zhyd.oauth.utils.UrlBuilder;
@@ -29,8 +26,8 @@ public class AuthLinkedinRequest extends BaseAuthRequest {
}
@Override
- protected AuthToken getAccessToken(String code) {
- String accessTokenUrl = UrlBuilder.getLinkedinAccessTokenUrl(config.getClientId(), config.getClientSecret(), code, config
+ protected AuthToken getAccessToken(AuthCallback authCallback) {
+ String accessTokenUrl = UrlBuilder.getLinkedinAccessTokenUrl(config.getClientId(), config.getClientSecret(), authCallback.getCode(), config
.getRedirectUri());
return this.getToken(accessTokenUrl);
}
diff --git a/src/main/java/me/zhyd/oauth/request/AuthMiRequest.java b/src/main/java/me/zhyd/oauth/request/AuthMiRequest.java
index 3686beeb6edf5d9c491c0c26b7866ff175c8c450..b0be7f37dedc807f7d1ee5bfe0dd4da23a18cfd4 100644
--- a/src/main/java/me/zhyd/oauth/request/AuthMiRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthMiRequest.java
@@ -7,10 +7,7 @@ import com.alibaba.fastjson.JSONObject;
import me.zhyd.oauth.config.AuthConfig;
import me.zhyd.oauth.config.AuthSource;
import me.zhyd.oauth.exception.AuthException;
-import me.zhyd.oauth.model.AuthResponse;
-import me.zhyd.oauth.model.AuthToken;
-import me.zhyd.oauth.model.AuthUser;
-import me.zhyd.oauth.model.AuthUserGender;
+import me.zhyd.oauth.model.*;
import me.zhyd.oauth.utils.UrlBuilder;
import java.text.MessageFormat;
@@ -30,8 +27,8 @@ public class AuthMiRequest extends BaseAuthRequest {
}
@Override
- protected AuthToken getAccessToken(String code) {
- String accessTokenUrl = UrlBuilder.getMiAccessTokenUrl(config.getClientId(), config.getClientSecret(), config.getRedirectUri(), code);
+ protected AuthToken getAccessToken(AuthCallback authCallback) {
+ String accessTokenUrl = UrlBuilder.getMiAccessTokenUrl(config.getClientId(), config.getClientSecret(), config.getRedirectUri(), authCallback.getCode());
return getToken(accessTokenUrl);
}
diff --git a/src/main/java/me/zhyd/oauth/request/AuthMicrosoftRequest.java b/src/main/java/me/zhyd/oauth/request/AuthMicrosoftRequest.java
index 8902338b205332e45819378c8ff9ceb5a4ac2b33..c394ff0d6633c2d5e717ba578547d125291411a9 100644
--- a/src/main/java/me/zhyd/oauth/request/AuthMicrosoftRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthMicrosoftRequest.java
@@ -7,10 +7,7 @@ import com.alibaba.fastjson.JSONObject;
import me.zhyd.oauth.config.AuthConfig;
import me.zhyd.oauth.config.AuthSource;
import me.zhyd.oauth.exception.AuthException;
-import me.zhyd.oauth.model.AuthResponse;
-import me.zhyd.oauth.model.AuthToken;
-import me.zhyd.oauth.model.AuthUser;
-import me.zhyd.oauth.model.AuthUserGender;
+import me.zhyd.oauth.model.*;
import me.zhyd.oauth.utils.UrlBuilder;
import java.util.HashMap;
@@ -29,9 +26,9 @@ public class AuthMicrosoftRequest extends BaseAuthRequest {
}
@Override
- protected AuthToken getAccessToken(String code) {
+ protected AuthToken getAccessToken(AuthCallback authCallback) {
String accessTokenUrl = UrlBuilder.getMicrosoftAccessTokenUrl(config.getClientId(), config.getClientSecret(), config
- .getRedirectUri(), code);
+ .getRedirectUri(), authCallback.getCode());
return getToken(accessTokenUrl);
}
diff --git a/src/main/java/me/zhyd/oauth/request/AuthOschinaRequest.java b/src/main/java/me/zhyd/oauth/request/AuthOschinaRequest.java
index 0a4d934e096a4dde0cf1a84de2ba29905e763bd3..f81d1c4aed3a27c9fc41bad695741c4e3bf435a8 100644
--- a/src/main/java/me/zhyd/oauth/request/AuthOschinaRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthOschinaRequest.java
@@ -6,6 +6,7 @@ import com.alibaba.fastjson.JSONObject;
import me.zhyd.oauth.config.AuthConfig;
import me.zhyd.oauth.config.AuthSource;
import me.zhyd.oauth.exception.AuthException;
+import me.zhyd.oauth.model.AuthCallback;
import me.zhyd.oauth.model.AuthToken;
import me.zhyd.oauth.model.AuthUser;
import me.zhyd.oauth.model.AuthUserGender;
@@ -25,13 +26,13 @@ public class AuthOschinaRequest extends BaseAuthRequest {
}
@Override
- protected AuthToken getAccessToken(String code) {
- String accessTokenUrl = UrlBuilder.getOschinaAccessTokenUrl(config.getClientId(), config.getClientSecret(), code, config
- .getRedirectUri());
+ protected AuthToken getAccessToken(AuthCallback authCallback) {
+ String accessTokenUrl = UrlBuilder.getOschinaAccessTokenUrl(config.getClientId(), config.getClientSecret(),
+ authCallback.getCode(), config.getRedirectUri());
HttpResponse response = HttpRequest.post(accessTokenUrl).execute();
JSONObject accessTokenObject = JSONObject.parseObject(response.body());
if (accessTokenObject.containsKey("error")) {
- throw new AuthException("Unable to get token from oschina using code [" + code + "]");
+ throw new AuthException("Unable to get token from oschina using code [" + authCallback.getCode() + "]");
}
return AuthToken.builder().accessToken(accessTokenObject.getString("access_token")).build();
}
diff --git a/src/main/java/me/zhyd/oauth/request/AuthQqRequest.java b/src/main/java/me/zhyd/oauth/request/AuthQqRequest.java
index b0e29154ab14b7973089151b80c7358865cdb169..3472f29ef2fa5ed8f43355ddcadc5e19f93cb33d 100644
--- a/src/main/java/me/zhyd/oauth/request/AuthQqRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthQqRequest.java
@@ -7,6 +7,7 @@ import com.alibaba.fastjson.JSONObject;
import me.zhyd.oauth.config.AuthConfig;
import me.zhyd.oauth.config.AuthSource;
import me.zhyd.oauth.exception.AuthException;
+import me.zhyd.oauth.model.AuthCallback;
import me.zhyd.oauth.model.AuthToken;
import me.zhyd.oauth.model.AuthUser;
import me.zhyd.oauth.model.AuthUserGender;
@@ -30,13 +31,13 @@ public class AuthQqRequest extends BaseAuthRequest {
}
@Override
- protected AuthToken getAccessToken(String code) {
- String accessTokenUrl = UrlBuilder.getQqAccessTokenUrl(config.getClientId(), config.getClientSecret(), code, config
- .getRedirectUri());
+ protected AuthToken getAccessToken(AuthCallback authCallback) {
+ String accessTokenUrl = UrlBuilder.getQqAccessTokenUrl(config.getClientId(), config.getClientSecret(),
+ authCallback.getCode(), config.getRedirectUri());
HttpResponse response = HttpRequest.get(accessTokenUrl).execute();
Map accessTokenObject = GlobalAuthUtil.parseStringToMap(response.body());
if (!accessTokenObject.containsKey("access_token")) {
- throw new AuthException("Unable to get token from qq using code [" + code + "]");
+ throw new AuthException("Unable to get token from qq using code [" + authCallback.getCode() + "]");
}
return AuthToken.builder()
.accessToken(accessTokenObject.get("access_token"))
diff --git a/src/main/java/me/zhyd/oauth/request/AuthRequest.java b/src/main/java/me/zhyd/oauth/request/AuthRequest.java
index 38f3dd54debf3f67e275fcc288c0c4949e6f86c1..d75651eb8c8ba46e118f577f25051e18299b478d 100644
--- a/src/main/java/me/zhyd/oauth/request/AuthRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthRequest.java
@@ -1,6 +1,7 @@
package me.zhyd.oauth.request;
import me.zhyd.oauth.exception.AuthException;
+import me.zhyd.oauth.model.AuthCallback;
import me.zhyd.oauth.model.AuthResponse;
import me.zhyd.oauth.model.AuthToken;
@@ -23,10 +24,10 @@ public interface AuthRequest {
/**
* 第三方登录
*
- * @param code 通过authorize换回的code
+ * @param authCallback 用于接收回调参数的实体
* @return 返回登录成功后的用户信息
*/
- default AuthResponse login(String code) {
+ default AuthResponse login(AuthCallback authCallback) {
throw new AuthException(ResponseStatus.NOT_IMPLEMENTED);
}
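Review bot: Changing the public `login(String)` default method to `login(AuthCallback)` is a source- and binary-incompatible change for every existing caller of the 1.7.x API, while pom.xml bumps only the minor version from 1.7.1 to 1.8.0, and the Javadoc does not mention the migration. Keeping the old signature as a deprecated adapter that wraps the code in an AuthCallback lets callers migrate gradually, and the `@since`/`@deprecated` tags record the change; the new Javadoc for `login(AuthCallback)` should also state which callback fields (`code`, `auth_code`, `state`) each provider reads.

```java
    /**
     * @deprecated since 1.8.0, use {@link #login(AuthCallback)}; kept for callers of the 1.7.x API.
     */
    @Deprecated
    default AuthResponse login(String code) {
        AuthCallback authCallback = new AuthCallback();
        authCallback.setCode(code);
        return login(authCallback);
    }
    // … unchanged: login(AuthCallback) default …
```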
diff --git a/src/main/java/me/zhyd/oauth/request/AuthTaobaoRequest.java b/src/main/java/me/zhyd/oauth/request/AuthTaobaoRequest.java
index 4558597f107a0fb50e19de28171a048976db2a8a..0dadd39ce40843b43a2b380ba6548394f88907e3 100644
--- a/src/main/java/me/zhyd/oauth/request/AuthTaobaoRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthTaobaoRequest.java
@@ -6,6 +6,7 @@ import com.alibaba.fastjson.JSONObject;
import me.zhyd.oauth.config.AuthConfig;
import me.zhyd.oauth.config.AuthSource;
import me.zhyd.oauth.exception.AuthException;
+import me.zhyd.oauth.model.AuthCallback;
import me.zhyd.oauth.model.AuthToken;
import me.zhyd.oauth.model.AuthUser;
import me.zhyd.oauth.model.AuthUserGender;
@@ -26,8 +27,8 @@ public class AuthTaobaoRequest extends BaseAuthRequest {
}
@Override
- protected AuthToken getAccessToken(String code) {
- return AuthToken.builder().accessCode(code).build();
+ protected AuthToken getAccessToken(AuthCallback authCallback) {
+ return AuthToken.builder().accessCode(authCallback.getCode()).build();
}
@Override
diff --git a/src/main/java/me/zhyd/oauth/request/AuthTencentCloudRequest.java b/src/main/java/me/zhyd/oauth/request/AuthTencentCloudRequest.java
index db4458bbc078d8b4b1b2a3b4bc4a53bbe3db25a4..5daf48f6c0bc1cd9a7ca0c6bbe3a795a4738f7d3 100644
--- a/src/main/java/me/zhyd/oauth/request/AuthTencentCloudRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthTencentCloudRequest.java
@@ -6,6 +6,7 @@ import com.alibaba.fastjson.JSONObject;
import me.zhyd.oauth.config.AuthConfig;
import me.zhyd.oauth.config.AuthSource;
import me.zhyd.oauth.exception.AuthException;
+import me.zhyd.oauth.model.AuthCallback;
import me.zhyd.oauth.model.AuthToken;
import me.zhyd.oauth.model.AuthUser;
import me.zhyd.oauth.model.AuthUserGender;
@@ -25,12 +26,12 @@ public class AuthTencentCloudRequest extends BaseAuthRequest {
}
@Override
- protected AuthToken getAccessToken(String code) {
- String accessTokenUrl = UrlBuilder.getTencentCloudAccessTokenUrl(config.getClientId(), config.getClientSecret(), code);
+ protected AuthToken getAccessToken(AuthCallback authCallback) {
+ String accessTokenUrl = UrlBuilder.getTencentCloudAccessTokenUrl(config.getClientId(), config.getClientSecret(), authCallback.getCode());
HttpResponse response = HttpRequest.get(accessTokenUrl).execute();
JSONObject object = JSONObject.parseObject(response.body());
if (object.getIntValue("code") != 0) {
- throw new AuthException("Unable to get token from tencent cloud using code [" + code + "]: " + object.get("msg"));
+ throw new AuthException("Unable to get token from tencent cloud using code [" + authCallback.getCode() + "]: " + object.get("msg"));
}
return AuthToken.builder().accessToken(object.getString("access_token")).build();
}
diff --git a/src/main/java/me/zhyd/oauth/request/AuthToutiaoRequest.java b/src/main/java/me/zhyd/oauth/request/AuthToutiaoRequest.java
index 423595c8086ae59458b8d9b77c1a9263475e2ec3..41d4c76d104eae8b9a21666c03faf7a483424d1d 100644
--- a/src/main/java/me/zhyd/oauth/request/AuthToutiaoRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthToutiaoRequest.java
@@ -6,10 +6,7 @@ import com.alibaba.fastjson.JSONObject;
import me.zhyd.oauth.config.AuthConfig;
import me.zhyd.oauth.config.AuthSource;
import me.zhyd.oauth.exception.AuthException;
-import me.zhyd.oauth.model.AuthToken;
-import me.zhyd.oauth.model.AuthToutiaoErrorCode;
-import me.zhyd.oauth.model.AuthUser;
-import me.zhyd.oauth.model.AuthUserGender;
+import me.zhyd.oauth.model.*;
import me.zhyd.oauth.utils.UrlBuilder;
/**
@@ -26,8 +23,8 @@ public class AuthToutiaoRequest extends BaseAuthRequest {
}
@Override
- protected AuthToken getAccessToken(String code) {
- String accessTokenUrl = UrlBuilder.getToutiaoAccessTokenUrl(config.getClientId(), config.getClientSecret(), code);
+ protected AuthToken getAccessToken(AuthCallback authCallback) {
+ String accessTokenUrl = UrlBuilder.getToutiaoAccessTokenUrl(config.getClientId(), config.getClientSecret(), authCallback.getCode());
HttpResponse response = HttpRequest.get(accessTokenUrl).execute();
JSONObject object = JSONObject.parseObject(response.body());
diff --git a/src/main/java/me/zhyd/oauth/request/AuthWeChatRequest.java b/src/main/java/me/zhyd/oauth/request/AuthWeChatRequest.java
index 3d9fb7c4f28d502aba14ea0340b2213ef72e77c8..6fc9b7a7cb81f031abb8b03de790ca2d03f8eb4c 100644
--- a/src/main/java/me/zhyd/oauth/request/AuthWeChatRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthWeChatRequest.java
@@ -6,10 +6,7 @@ import com.alibaba.fastjson.JSONObject;
import me.zhyd.oauth.config.AuthConfig;
import me.zhyd.oauth.config.AuthSource;
import me.zhyd.oauth.exception.AuthException;
-import me.zhyd.oauth.model.AuthResponse;
-import me.zhyd.oauth.model.AuthToken;
-import me.zhyd.oauth.model.AuthUser;
-import me.zhyd.oauth.model.AuthUserGender;
+import me.zhyd.oauth.model.*;
import me.zhyd.oauth.utils.UrlBuilder;
/**
@@ -31,8 +28,8 @@ public class AuthWeChatRequest extends BaseAuthRequest {
* @return 所有信息
*/
@Override
- protected AuthToken getAccessToken(String code) {
- String accessTokenUrl = UrlBuilder.getWeChatAccessTokenUrl(config.getClientId(), config.getClientSecret(), code);
+ protected AuthToken getAccessToken(AuthCallback authCallback) {
+ String accessTokenUrl = UrlBuilder.getWeChatAccessTokenUrl(config.getClientId(), config.getClientSecret(), authCallback.getCode());
return this.getToken(accessTokenUrl);
}
diff --git a/src/main/java/me/zhyd/oauth/request/AuthWeiboRequest.java b/src/main/java/me/zhyd/oauth/request/AuthWeiboRequest.java
index 246ebd355fd5271f38298a404beb25135f5df149..366ee2234f9da7a57d4b5f0f8bb5c3ce4741cbb8 100644
--- a/src/main/java/me/zhyd/oauth/request/AuthWeiboRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthWeiboRequest.java
@@ -6,6 +6,7 @@ import com.alibaba.fastjson.JSONObject;
import me.zhyd.oauth.config.AuthConfig;
import me.zhyd.oauth.config.AuthSource;
import me.zhyd.oauth.exception.AuthException;
+import me.zhyd.oauth.model.AuthCallback;
import me.zhyd.oauth.model.AuthToken;
import me.zhyd.oauth.model.AuthUser;
import me.zhyd.oauth.model.AuthUserGender;
@@ -28,14 +29,14 @@ public class AuthWeiboRequest extends BaseAuthRequest {
}
@Override
- protected AuthToken getAccessToken(String code) {
- String accessTokenUrl = UrlBuilder.getWeiboAccessTokenUrl(config.getClientId(), config.getClientSecret(), code, config
+ protected AuthToken getAccessToken(AuthCallback authCallback) {
+ String accessTokenUrl = UrlBuilder.getWeiboAccessTokenUrl(config.getClientId(), config.getClientSecret(), authCallback.getCode(), config
.getRedirectUri());
HttpResponse response = HttpRequest.post(accessTokenUrl).execute();
String accessTokenStr = response.body();
JSONObject accessTokenObject = JSONObject.parseObject(accessTokenStr);
if (accessTokenObject.containsKey("error")) {
- throw new AuthException("Unable to get token from weibo using code [" + code + "]:" + accessTokenObject.getString("error_description"));
+ throw new AuthException("Unable to get token from weibo using code [" + authCallback.getCode() + "]:" + accessTokenObject.getString("error_description"));
}
return AuthToken.builder()
.accessToken(accessTokenObject.getString("access_token"))
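Review bot: The AuthException message on the `throw` line still embeds the authorization code (`"Unable to get token from weibo using code [" + authCallback.getCode() + "]"`); exception messages typically end up in application logs, and the code is a single-use bearer value, so the message should carry only the provider's `error_description` and drop the code. The URL built on the first new line also places `client_secret` and `code` in the query string of a `HttpRequest.post(...)`, where proxies and access logs record them; if the Weibo token endpoint accepts these as form fields, sending them in the request body keeps them out of URL logs. This is pre-existing behaviour carried onto the new side, not something the commit introduced.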
@@ -81,6 +82,6 @@ public class AuthWeiboRequest extends BaseAuthRequest {
*/
@Override
public String authorize() {
- return UrlBuilder.getWeiboAuthorizeUrl(config.getClientId(), config.getRedirectUri());
+ return UrlBuilder.getWeiboAuthorizeUrl(config.getClientId(), config.getRedirectUri(), config.getState());
}
}
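Review bot: `config.getState()` is a single value fixed on the AuthConfig, so every authorize URL built from a shared config carries the same state, and the callback comparison in BaseAuthRequest.login (`AuthChecker.checkState(authCallback.getState(), config.getState())`) then accepts that constant for any session. A state that does not change per request cannot bind the callback to the browser that started the flow, which is the property the CSRF check depends on; if the caller is expected to build a fresh AuthConfig per login, that contract should be stated in the Javadoc of `state`, otherwise the value should be generated per `authorize()` call (SecureRandom-derived), stored in the caller's session, and supplied to `login` for comparison. The same single value feeds getGithubAuthorizeUrl, getGithubAccessTokenUrl and getWeiboAuthorizeUrl in UrlBuilder, so the observation applies there too.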
diff --git a/src/main/java/me/zhyd/oauth/request/BaseAuthRequest.java b/src/main/java/me/zhyd/oauth/request/BaseAuthRequest.java
index 4fa29c3a7d158df25cbf39bbdf13eb8c387ed673..52e1254b769b171ebcdf3dd93b11324586194238 100644
--- a/src/main/java/me/zhyd/oauth/request/BaseAuthRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/BaseAuthRequest.java
@@ -4,10 +4,11 @@ import lombok.Data;
import me.zhyd.oauth.config.AuthConfig;
import me.zhyd.oauth.config.AuthSource;
import me.zhyd.oauth.exception.AuthException;
+import me.zhyd.oauth.model.AuthCallback;
import me.zhyd.oauth.model.AuthResponse;
import me.zhyd.oauth.model.AuthToken;
import me.zhyd.oauth.model.AuthUser;
-import me.zhyd.oauth.utils.AuthConfigChecker;
+import me.zhyd.oauth.utils.AuthChecker;
/**
* @author yadong.zhang (yadong.zhang0415(a)gmail.com)
@@ -22,21 +23,24 @@ public abstract class BaseAuthRequest implements AuthRequest {
public BaseAuthRequest(AuthConfig config, AuthSource source) {
this.config = config;
this.source = source;
- if (!AuthConfigChecker.isSupportedAuth(config, source)) {
+ if (!AuthChecker.isSupportedAuth(config, source)) {
throw new AuthException(ResponseStatus.PARAMETER_INCOMPLETE);
}
// 校验配置合法性
- AuthConfigChecker.check(config, source);
+ AuthChecker.checkConfig(config, source);
}
- protected abstract AuthToken getAccessToken(String code);
+ protected abstract AuthToken getAccessToken(AuthCallback authCallback);
protected abstract AuthUser getUserInfo(AuthToken authToken);
@Override
- public AuthResponse login(String code) {
+ public AuthResponse login(AuthCallback authCallback) {
try {
- AuthToken authToken = this.getAccessToken(code);
+ AuthChecker.checkCode(authCallback.getCode());
+ AuthChecker.checkState(authCallback.getState(), config.getState());
+
+ AuthToken authToken = this.getAccessToken(authCallback);
AuthUser user = this.getUserInfo(authToken);
return AuthResponse.builder().code(ResponseStatus.SUCCESS.getCode()).data(user).build();
} catch (Exception e) {
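Review bot: `AuthChecker.checkCode(...)` runs before `AuthChecker.checkState(...)`, so an unsolicited callback with a missing code is reported as ILLEGAL_CODE instead of ILLEGAL_REQUEST; verifying state first rejects a forged callback before any of its content is interpreted, so the two lines should be swapped. Both checks throw AuthException inside the `try`, which means the `catch (Exception e)` on the last hunk line decides what the caller sees — that handler is outside the hunk, so confirm it preserves the ResponseStatus rather than collapsing both into a generic failure. login's body continues past the end of the hunk.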
diff --git a/src/main/java/me/zhyd/oauth/request/ResponseStatus.java b/src/main/java/me/zhyd/oauth/request/ResponseStatus.java
index 41052ab8bcf49f352a3a425f8a1e785838df180b..82a78c4a62e887bd34a30ca39b5c7e08e4c91ba7 100644
--- a/src/main/java/me/zhyd/oauth/request/ResponseStatus.java
+++ b/src/main/java/me/zhyd/oauth/request/ResponseStatus.java
@@ -14,6 +14,8 @@ public enum ResponseStatus {
NO_AUTH_SOURCE(5004, "AuthSource cannot be null"),
UNIDENTIFIED_PLATFORM(5005, "Unidentified platform"),
ILLEGAL_REDIRECT_URI(5006, "Illegal redirect uri"),
+ ILLEGAL_REQUEST(5007, "Illegal request"),
+ ILLEGAL_CODE(5008, "Illegal code"),
;
private int code;
diff --git a/src/main/java/me/zhyd/oauth/utils/AuthConfigChecker.java b/src/main/java/me/zhyd/oauth/utils/AuthChecker.java
similarity index 58%
rename from src/main/java/me/zhyd/oauth/utils/AuthConfigChecker.java
rename to src/main/java/me/zhyd/oauth/utils/AuthChecker.java
index 5451d48bfe0e275e2add16fba7e985edbf2927b2..994424b3e901b64c3b9b55024aa2472b9c479d25 100644
--- a/src/main/java/me/zhyd/oauth/utils/AuthConfigChecker.java
+++ b/src/main/java/me/zhyd/oauth/utils/AuthChecker.java
@@ -12,7 +12,7 @@ import me.zhyd.oauth.request.ResponseStatus;
* @version 1.0
* @since 1.8
*/
-public class AuthConfigChecker {
+public class AuthChecker {
/**
* 是否支持第三方登录
@@ -35,7 +35,7 @@ public class AuthConfigChecker {
* @param config config
* @param source source
*/
- public static void check(AuthConfig config, AuthSource source) {
+ public static void checkConfig(AuthConfig config, AuthSource source) {
String redirectUri = config.getRedirectUri();
if (!GlobalAuthUtil.isHttpProtocol(redirectUri) && !GlobalAuthUtil.isHttpsProtocol(redirectUri)) {
throw new AuthException(ResponseStatus.ILLEGAL_REDIRECT_URI);
@@ -49,4 +49,36 @@ public class AuthConfigChecker {
throw new AuthException(ResponseStatus.ILLEGAL_REDIRECT_URI);
}
}
+
+ /**
+ * 校验回调传回的code
+ *
+ * @param code 回调时传回的code
+ */
+ public static void checkCode(String code) {
+ if (StringUtils.isEmpty(code)) {
+ throw new AuthException(ResponseStatus.ILLEGAL_CODE);
+ }
+ }
+
+ /**
+ * 校验state的合法性防止被CSRF
+ *
+ * @param newState 新的state,一般为回调时传回的state(可能被篡改)
+ * @param originalState 原始的state,发起授权时向第三方平台传递的state
+ */
+ public static void checkState(String newState, String originalState) {
+ // 如果原始state为空,表示当前平台未使用state
+ if (StringUtils.isEmpty(originalState)) {
+ return;
+ }
+ // 如果授权之前使用了state,但是回调时未返回state,则表示当前请求为非法的请求,可能正在被CSRF攻击
+ if (StringUtils.isEmpty(newState)) {
+ throw new AuthException(ResponseStatus.ILLEGAL_REQUEST);
+ }
+ // 如果授权前后的state不一致,则表示当前请求为非法的请求,新的state可能为伪造
+ if (!newState.equals(originalState)) {
+ throw new AuthException(ResponseStatus.ILLEGAL_REQUEST);
+ }
+ }
}
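Review bot: `newState.equals(originalState)` compares the attacker-controlled callback value against the expected secret with an early-exit comparison; for a value whose purpose is to defeat forgery, use a constant-time compare, `if (!MessageDigest.isEqual(newState.getBytes(StandardCharsets.UTF_8), originalState.getBytes(StandardCharsets.UTF_8)))` (java.security.MessageDigest, java.nio.charset.StandardCharsets). The early return when `originalState` is empty disables the check entirely, which the Javadoc should make explicit so integrators do not assume protection by default, e.g. `@implNote state validation is opt-in: when originalState is empty the callback is accepted without any CSRF check.`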
diff --git a/src/main/java/me/zhyd/oauth/utils/UrlBuilder.java b/src/main/java/me/zhyd/oauth/utils/UrlBuilder.java
index 7c8ed1e265dfdf3f1855b5ed3493ec64e0be5e4f..8df5de44ceceddfb73914ff7fe2cb45f3f9480d6 100644
--- a/src/main/java/me/zhyd/oauth/utils/UrlBuilder.java
+++ b/src/main/java/me/zhyd/oauth/utils/UrlBuilder.java
@@ -13,9 +13,9 @@ import java.text.MessageFormat;
*/
public class UrlBuilder {
- private static final String GITHUB_ACCESS_TOKEN_PATTERN = "{0}?client_id={1}&client_secret={2}&code={3}&redirect_uri={4}";
+ private static final String GITHUB_ACCESS_TOKEN_PATTERN = "{0}?client_id={1}&client_secret={2}&code={3}&redirect_uri={4}&state={5}";
private static final String GITHUB_USER_INFO_PATTERN = "{0}?access_token={1}";
- private static final String GITHUB_AUTHORIZE_PATTERN = "{0}?client_id={1}&state=1&redirect_uri={2}";
+ private static final String GITHUB_AUTHORIZE_PATTERN = "{0}?client_id={1}&redirect_uri={2}&state={3}";
private static final String GOOGLE_AUTHORIZE_PATTERN = "{0}?client_id={1}&response_type=code&scope=openid%20email%20profile&redirect_uri={2}&state={3}";
private static final String GOOGLE_ACCESS_TOKEN_PATTERN = "{0}?client_id={1}&client_secret={2}&code={3}&redirect_uri={4}&grant_type=authorization_code";
@@ -23,7 +23,7 @@ public class UrlBuilder {
private static final String WEIBO_ACCESS_TOKEN_PATTERN = "{0}?client_id={1}&client_secret={2}&grant_type=authorization_code&code={3}&redirect_uri={4}";
private static final String WEIBO_USER_INFO_PATTERN = "{0}?{1}";
- private static final String WEIBO_AUTHORIZE_PATTERN = "{0}?client_id={1}&response_type=code&redirect_uri={2}";
+ private static final String WEIBO_AUTHORIZE_PATTERN = "{0}?client_id={1}&response_type=code&redirect_uri={2}&state={3}";
private static final String GITEE_ACCESS_TOKEN_PATTERN = "{0}?client_id={1}&client_secret={2}&grant_type=authorization_code&code={3}&redirect_uri={4}";
private static final String GITEE_USER_INFO_PATTERN = "{0}?access_token={1}";
@@ -103,10 +103,11 @@ public class UrlBuilder {
* @param clientSecret github 应用的Client Secret
* @param code github 授权前的code,用来换token
* @param redirectUri 待跳转的页面
+ * @param state 随机字符串,用于保持会话状态,防止CSRF攻击
* @return full url
*/
- public static String getGithubAccessTokenUrl(String clientId, String clientSecret, String code, String redirectUri) {
- return MessageFormat.format(GITHUB_ACCESS_TOKEN_PATTERN, AuthSource.GITHUB.accessToken(), clientId, clientSecret, code, redirectUri);
+ public static String getGithubAccessTokenUrl(String clientId, String clientSecret, String code, String redirectUri, String state) {
+ return MessageFormat.format(GITHUB_ACCESS_TOKEN_PATTERN, AuthSource.GITHUB.accessToken(), clientId, clientSecret, code, redirectUri, StringUtils.isEmpty(state) ? System.currentTimeMillis() : state);
}
/**
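Review bot: The fallback `StringUtils.isEmpty(state) ? System.currentTimeMillis() : state` hands MessageFormat a boxed long, and MessageFormat renders Number arguments through the default locale's NumberFormat, so the URL ends up with a grouped value such as `state=1,560,000,000,000` (separators vary by locale) rather than a plain digit string. Convert before formatting, `String.valueOf(System.currentTimeMillis())`, and since neither branch is URL-encoded the caller-supplied state should pass through `URLEncoder.encode(state, "UTF-8")` so characters like `&` or `#` cannot alter the query. Note also that the fallback gives no protection by itself: when the configured state is empty, `AuthChecker.checkState` returns without comparing, so a timestamp is sent but never checked. The same expression appears in getGithubAuthorizeUrl and getWeiboAuthorizeUrl below.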
@@ -124,10 +125,11 @@ public class UrlBuilder {
*
* @param clientId github 应用的Client ID
* @param redirectUrl github 应用授权成功后的回调地址
+ * @param state 随机字符串,用于保持会话状态,防止CSRF攻击
* @return full url
*/
- public static String getGithubAuthorizeUrl(String clientId, String redirectUrl) {
- return MessageFormat.format(GITHUB_AUTHORIZE_PATTERN, AuthSource.GITHUB.authorize(), clientId, redirectUrl);
+ public static String getGithubAuthorizeUrl(String clientId, String redirectUrl, String state) {
+ return MessageFormat.format(GITHUB_AUTHORIZE_PATTERN, AuthSource.GITHUB.authorize(), clientId, redirectUrl, StringUtils.isEmpty(state) ? System.currentTimeMillis() : state);
}
/**
@@ -158,10 +160,11 @@ public class UrlBuilder {
*
* @param clientId weibo 应用的Client ID
* @param redirectUrl weibo 应用授权成功后的回调地址
+ * @param state 随机字符串,用于保持会话状态,防止CSRF攻击
* @return full url
*/
- public static String getWeiboAuthorizeUrl(String clientId, String redirectUrl) {
- return MessageFormat.format(WEIBO_AUTHORIZE_PATTERN, AuthSource.WEIBO.authorize(), clientId, redirectUrl);
+ public static String getWeiboAuthorizeUrl(String clientId, String redirectUrl, String state) {
+ return MessageFormat.format(WEIBO_AUTHORIZE_PATTERN, AuthSource.WEIBO.authorize(), clientId, redirectUrl, StringUtils.isEmpty(state) ? System.currentTimeMillis() : state);
}
/**