(window.webpackJsonp=window.webpackJsonp||[]).push([[549],{978:function(t,e,i){"use strict";i.r(e);var r=i(56),n=Object(r.a)({},(function(){var t=this,e=t.$createElement,i=t._self._c||e;return i("ContentSlotsDistributor",{attrs:{"slot-key":t.$parent.slotKey}},[i("h1",{attrs:{id:"核心接口-类"}},[i("a",{staticClass:"header-anchor",attrs:{href:"#核心接口-类"}},[t._v("#")]),t._v(" 核心接口/类")]),t._v(" "),i("h2",{attrs:{id:"客户登记"}},[i("a",{staticClass:"header-anchor",attrs:{href:"#客户登记"}},[t._v("#")]),t._v(" 客户登记")]),t._v(" "),i("p",[i("code",[t._v("ClientRegistration")]),t._v("是在 OAuth2.0 或 OpenID Connect1.0 提供程序中注册的客户端的表示。")]),t._v(" "),i("p",[t._v("客户机注册包含信息，例如客户机 ID、客户机秘密、授权授予类型、重定向 URI、作用域、授权 URI、令牌 URI 和其他详细信息。")]),t._v(" "),i("p",[i("code",[t._v("ClientRegistration")]),t._v("及其属性定义如下：")]),t._v(" "),i("div",{staticClass:"language- extra-class"},[i("pre",{pre:!0,attrs:{class:"language-text"}},[i("code",[t._v("public final class ClientRegistration {\n\tprivate String registrationId;\t(1)\n\tprivate String clientId;\t(2)\n\tprivate String clientSecret;\t(3)\n\tprivate ClientAuthenticationMethod clientAuthenticationMethod;\t(4)\n\tprivate AuthorizationGrantType authorizationGrantType;\t(5)\n\tprivate String redirectUri;\t(6)\n\tprivate Set<String> scopes;\t(7)\n\tprivate ProviderDetails providerDetails;\n\tprivate String clientName;\t(8)\n\n\tpublic class ProviderDetails {\n\t\tprivate String authorizationUri;\t(9)\n\t\tprivate String tokenUri;\t(10)\n\t\tprivate UserInfoEndpoint userInfoEndpoint;\n\t\tprivate String jwkSetUri;\t(11)\n\t\tprivate String issuerUri;\t(12)\n\t\tprivate Map<String, Object> configurationMetadata;  (13)\n\n\t\tpublic class UserInfoEndpoint {\n\t\t\tprivate String uri;\t(14)\n\t\t\tprivate AuthenticationMethod authenticationMethod;  (15)\n\t\t\tprivate String userNameAttributeName;\t(16)\n\n\t\t}\n\t}\n}\n")])])]),i("table",[i("thead",[i("tr",[i("th",[i("strong",[t._v("1")])]),t._v(" "),i("th",[i("code",[t._v("registrationId")]),t._v(":唯一标识"),i("code",[t._v("ClientRegistration")]),t._v("的 ID。")])])]),t._v(" "),i("tbody",[i("tr",[i("td",[i("strong",[t._v("2")])]),t._v(" "),i("td",[i("code",[t._v("clientId")]),t._v(":客户端标识符。")])]),t._v(" "),i("tr",[i("td",[i("strong",[t._v("3")])]),t._v(" "),i("td",[i("code",[t._v("clientSecret")]),t._v(":客户端秘密。")])]),t._v(" "),i("tr",[i("td",[i("strong",[t._v("4")])]),t._v(" "),i("td",[i("code",[t._v("clientAuthenticationMethod")]),t._v(":用于与提供程序验证客户端的方法。"),i("br"),t._v("支持的值是**客户端 _Secret_BASIC **，**客户端 _Secret_post **，**Private_Key_JWT **，"),i("strong",[t._v("客户端 _Secret_JWT "),i("strong",[t._v("和")]),t._v("无")]),i("a",{attrs:{href:"https://tools.ietf.org/html/rfc6749#section-2.1",target:"_blank",rel:"noopener noreferrer"}},[t._v("（公众客户）"),i("OutboundLink")],1),t._v("。")])]),t._v(" "),i("tr",[i("td",[i("strong",[t._v("5")])]),t._v(" "),i("td",[i("code",[t._v("authorizationGrantType")]),t._v(":OAuth2.0 授权框架定义了四个"),i("a",{attrs:{href:"https://tools.ietf.org/html/rfc6749#section-1.3",target:"_blank",rel:"noopener noreferrer"}},[t._v("授权授予"),i("OutboundLink")],1),t._v("类型。"),i("br"),t._v("支持的值是"),i("code",[t._v("authorization_code")]),t._v("，"),i("code",[t._v("client_credentials")]),t._v("，"),i("code",[t._v("password")]),t._v("，以及，扩展授权类型"),i("code",[t._v("urn:ietf:params:oauth:grant-type:jwt-bearer")]),t._v("。")])]),t._v(" "),i("tr",[i("td",[i("strong",[t._v("6")])]),t._v(" "),i("td",[i("code",[t._v("redirectUri")]),t._v(":客户端注册的重定向 URI，在最终用户对客户端进行了身份验证和授权访问之后，"),i("em",[t._v("授权服务器")]),t._v("将最终用户的用户代理"),i("br"),t._v("重定向到该 URI。")])]),t._v(" "),i("tr",[i("td",[i("strong",[t._v("7")])]),t._v(" "),i("td",[i("code",[t._v("scopes")]),t._v(":客户端在授权请求流期间请求的范围，例如 OpenID、电子邮件或配置文件。")])]),t._v(" "),i("tr",[i("td",[i("strong",[t._v("8")])]),t._v(" "),i("td",[i("code",[t._v("clientName")]),t._v(":用于客户机的描述性名称。"),i("br"),t._v("该名称可用于某些场景，例如在自动生成的登录页面中显示客户机的名称时。")])]),t._v(" "),i("tr",[i("td",[i("strong",[t._v("9")])]),t._v(" "),i("td",[i("code",[t._v("authorizationUri")]),t._v(":授权服务器的授权端点 URI。")])]),t._v(" "),i("tr",[i("td",[i("strong",[t._v("10")])]),t._v(" "),i("td",[i("code",[t._v("tokenUri")]),t._v(":授权服务器的令牌端点 URI。")])]),t._v(" "),i("tr",[i("td",[i("strong",[t._v("11")])]),t._v(" "),i("td",[i("code",[t._v("jwkSetUri")]),t._v(":用于从授权服务器检索"),i("a",{attrs:{href:"https://tools.ietf.org/html/rfc7517",target:"_blank",rel:"noopener noreferrer"}},[t._v("JSON Web Key "),i("OutboundLink")],1),t._v("集的 URI，"),i("br"),t._v("，其中包含用于验证 ID 令牌的"),i("a",{attrs:{href:"https://tools.ietf.org/html/rfc7515",target:"_blank",rel:"noopener noreferrer"}},[t._v("JSON Web 签名"),i("OutboundLink")],1),t._v("的加密密钥，以及可选的 userinfo 响应。")])]),t._v(" "),i("tr",[i("td",[i("strong",[t._v("12")])]),t._v(" "),i("td",[i("code",[t._v("issuerUri")]),t._v(":返回 OpenID Connect1.0 提供程序或 OAuth2.0 授权服务器的发行者标识符 URI。")])]),t._v(" "),i("tr",[i("td",[i("strong",[t._v("13")])]),t._v(" "),i("td",[i("code",[t._v("configurationMetadata")]),t._v(":"),i("a",{attrs:{href:"https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig",target:"_blank",rel:"noopener noreferrer"}},[t._v("OpenID 提供者配置信息"),i("OutboundLink")],1),t._v("."),i("br"),t._v("只有在配置了 Spring boot2.x 属性"),i("code",[t._v("spring.security.oauth2.client.provider.[providerId].issuerUri")]),t._v("时，该信息才可用。")])]),t._v(" "),i("tr",[i("td",[i("strong",[t._v("14")])]),t._v(" "),i("td",[i("code",[t._v("(userInfoEndpoint)uri")]),t._v(":用于访问经过身份验证的最终用户的声明/属性的 userinfo 端点 URI。")])]),t._v(" "),i("tr",[i("td",[i("strong",[t._v("15")])]),t._v(" "),i("td",[i("code",[t._v("(userInfoEndpoint)authenticationMethod")]),t._v(":向 UserInfo 端点发送访问令牌时使用的身份验证方法。"),i("br"),t._v("支持的值是"),i("strong",[t._v("页眉")]),t._v("、"),i("strong",[t._v("形式")]),t._v("和"),i("strong",[t._v("查询")]),t._v("。")])]),t._v(" "),i("tr",[i("td",[i("strong",[t._v("16")])]),t._v(" "),i("td",[i("code",[t._v("userNameAttributeName")]),t._v(":在引用最终用户的名称或标识符的 UserInfo 响应中返回的属性的名称。")])])])]),t._v(" "),i("p",[t._v("可以使用发现 OpenID Connect 提供者的"),i("a",{attrs:{href:"https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig",target:"_blank",rel:"noopener noreferrer"}},[t._v("配置端点"),i("OutboundLink")],1),t._v("或授权服务器的"),i("a",{attrs:{href:"https://tools.ietf.org/html/rfc8414#section-3",target:"_blank",rel:"noopener noreferrer"}},[t._v("元数据端点"),i("OutboundLink")],1),t._v("来初始配置"),i("code",[t._v("ClientRegistration")]),t._v("。")]),t._v(" "),i("p",[i("code",[t._v("ClientRegistrations")]),t._v("以这种方式为配置"),i("code",[t._v("ClientRegistration")]),t._v("提供了方便的方法，如下例所示：")]),t._v(" "),i("p",[t._v("爪哇")]),t._v(" "),i("div",{staticClass:"language- extra-class"},[i("pre",{pre:!0,attrs:{class:"language-text"}},[i("code",[t._v('ClientRegistration clientRegistration =\n\tClientRegistrations.fromIssuerLocation("https://idp.example.com/issuer").build();\n')])])]),i("p",[t._v("Kotlin")]),t._v(" "),i("div",{staticClass:"language- extra-class"},[i("pre",{pre:!0,attrs:{class:"language-text"}},[i("code",[t._v('val clientRegistration = ClientRegistrations.fromIssuerLocation("https://idp.example.com/issuer").build()\n')])])]),i("p",[t._v("上面的代码将在系列"),i("code",[t._v("[https://idp.example.com/issuer/.well-known/openid-configuration](https://idp.example.com/issuer/.well-known/openid-configuration)")]),t._v("中查询，然后"),i("code",[t._v("[https://idp.example.com/.well-known/openid-configuration/issuer](https://idp.example.com/.well-known/openid-configuration/issuer)")]),t._v("，最后是"),i("code",[t._v("[https://idp.example.com/.well-known/oauth-authorization-server/issuer](https://idp.example.com/.well-known/oauth-authorization-server/issuer)")]),t._v("，在第一次停止时返回 200 响应。")]),t._v(" "),i("p",[t._v("作为一种替代方法，你可以使用"),i("code",[t._v("ClientRegistrations.fromOidcIssuerLocation()")]),t._v("仅查询 OpenID Connect 提供者的配置端点。")]),t._v(" "),i("h2",{attrs:{id:"重新激活注册存储库"}},[i("a",{staticClass:"header-anchor",attrs:{href:"#重新激活注册存储库"}},[t._v("#")]),t._v(" 重新激活注册存储库")]),t._v(" "),i("p",[i("code",[t._v("ReactiveClientRegistrationRepository")]),t._v("充当 OAuth2.0/OpenID Connect1.0"),i("code",[t._v("ClientRegistration")]),t._v("（s）的存储库。")]),t._v(" "),i("table",[i("thead",[i("tr",[i("th"),t._v(" "),i("th",[t._v("客户端注册信息最终由关联的授权服务器存储和拥有。"),i("br"),t._v("此存储库提供检索主客户端注册信息的子集的能力，该子集与授权服务器一起存储。")])])]),t._v(" "),i("tbody")]),t._v(" "),i("p",[t._v("Spring Boot2.x Auto-Configuration 将"),i("code",[t._v("spring.security.oauth2.client.registration.*[registrationId]*")]),t._v("下的每个属性绑定到"),i("code",[t._v("ClientRegistration")]),t._v("的一个实例，然后在"),i("code",[t._v("ClientRegistration")]),t._v("中组合每个"),i("code",[t._v("ClientRegistration")]),t._v("实例。")]),t._v(" "),i("table",[i("thead",[i("tr",[i("th"),t._v(" "),i("th",[i("code",[t._v("ReactiveClientRegistrationRepository")]),t._v("的默认实现是"),i("code",[t._v("InMemoryReactiveClientRegistrationRepository")]),t._v("。")])])]),t._v(" "),i("tbody")]),t._v(" "),i("p",[t._v("自动配置还在"),i("code",[t._v("ApplicationContext")]),t._v("中将"),i("code",[t._v("ReactiveClientRegistrationRepository")]),t._v("注册为"),i("code",[t._v("@Bean")]),t._v("，以便在应用程序需要时可用于依赖注入。")]),t._v(" "),i("p",[t._v("下面的清单展示了一个示例：")]),t._v(" "),i("p",[t._v("爪哇")]),t._v(" "),i("div",{staticClass:"language- extra-class"},[i("pre",{pre:!0,attrs:{class:"language-text"}},[i("code",[t._v('@Controller\npublic class OAuth2ClientController {\n\n\t@Autowired\n\tprivate ReactiveClientRegistrationRepository clientRegistrationRepository;\n\n\t@GetMapping("/")\n\tpublic Mono<String> index() {\n\t\treturn this.clientRegistrationRepository.findByRegistrationId("okta")\n\t\t\t\t...\n\t\t\t\t.thenReturn("index");\n\t}\n}\n')])])]),i("p",[t._v("Kotlin")]),t._v(" "),i("div",{staticClass:"language- extra-class"},[i("pre",{pre:!0,attrs:{class:"language-text"}},[i("code",[t._v('@Controller\nclass OAuth2ClientController {\n\n    @Autowired\n    private lateinit var clientRegistrationRepository: ReactiveClientRegistrationRepository\n\n    @GetMapping("/")\n    fun index(): Mono<String> {\n        return this.clientRegistrationRepository.findByRegistrationId("okta")\n            ...\n            .thenReturn("index")\n    }\n}\n')])])]),i("h2",{attrs:{id:"oauth2-授权客户端"}},[i("a",{staticClass:"header-anchor",attrs:{href:"#oauth2-授权客户端"}},[t._v("#")]),t._v(" OAuth2 授权客户端")]),t._v(" "),i("p",[i("code",[t._v("OAuth2AuthorizedClient")]),t._v("是授权客户的表示。当最终用户（资源所有者）已向客户端授予访问其受保护资源的授权时，客户端被视为已被授权。")]),t._v(" "),i("p",[i("code",[t._v("OAuth2AuthorizedClient")]),t._v("的目的是将"),i("code",[t._v("OAuth2AccessToken")]),t._v("（和可选"),i("code",[t._v("OAuth2RefreshToken")]),t._v("）关联到"),i("code",[t._v("ClientRegistration")]),t._v("（客户端）和资源所有者，后者是授予授权的"),i("code",[t._v("Principal")]),t._v("最终用户。")]),t._v(" "),i("h2",{attrs:{id:"serveroauth2authorizedclientpository-reactiveoauth2authorizedclientservice"}},[i("a",{staticClass:"header-anchor",attrs:{href:"#serveroauth2authorizedclientpository-reactiveoauth2authorizedclientservice"}},[t._v("#")]),t._v(" serveroauth2authorizedclientpository/reactiveoauth2authorizedclientservice")]),t._v(" "),i("p",[i("code",[t._v("ServerOAuth2AuthorizedClientRepository")]),t._v("负责在 Web 请求之间持久化"),i("code",[t._v("OAuth2AuthorizedClient")]),t._v("。然而，"),i("code",[t._v("ReactiveOAuth2AuthorizedClientService")]),t._v("的主要作用是在应用程序级管理"),i("code",[t._v("OAuth2AuthorizedClient")]),t._v("。")]),t._v(" "),i("p",[t._v("从开发人员的角度来看，"),i("code",[t._v("ServerOAuth2AuthorizedClientRepository")]),t._v("或"),i("code",[t._v("ReactiveOAuth2AuthorizedClientService")]),t._v("提供了查找与客户端关联的"),i("code",[t._v("OAuth2AccessToken")]),t._v("的功能，以便可以使用它来发起受保护的资源请求。")]),t._v(" "),i("p",[t._v("下面的清单展示了一个示例：")]),t._v(" "),i("p",[t._v("爪哇")]),t._v(" "),i("div",{staticClass:"language- extra-class"},[i("pre",{pre:!0,attrs:{class:"language-text"}},[i("code",[t._v('@Controller\npublic class OAuth2ClientController {\n\n\t@Autowired\n\tprivate ReactiveOAuth2AuthorizedClientService authorizedClientService;\n\n\t@GetMapping("/")\n\tpublic Mono<String> index(Authentication authentication) {\n\t\treturn this.authorizedClientService.loadAuthorizedClient("okta", authentication.getName())\n\t\t\t\t.map(OAuth2AuthorizedClient::getAccessToken)\n\t\t\t\t...\n\t\t\t\t.thenReturn("index");\n\t}\n}\n')])])]),i("p",[t._v("Kotlin")]),t._v(" "),i("div",{staticClass:"language- extra-class"},[i("pre",{pre:!0,attrs:{class:"language-text"}},[i("code",[t._v('@Controller\nclass OAuth2ClientController {\n\n    @Autowired\n    private lateinit var authorizedClientService: ReactiveOAuth2AuthorizedClientService\n\n    @GetMapping("/")\n    fun index(authentication: Authentication): Mono<String> {\n        return this.authorizedClientService.loadAuthorizedClient<OAuth2AuthorizedClient>("okta", authentication.name)\n            .map { it.accessToken }\n            ...\n            .thenReturn("index")\n    }\n}\n')])])]),i("table",[i("thead",[i("tr",[i("th"),t._v(" "),i("th",[t._v("Spring Boot2.x 自动配置在"),i("code",[t._v("ApplicationContext")]),t._v("中注册了一个"),i("code",[t._v("ServerOAuth2AuthorizedClientRepository")]),t._v("和/或"),i("code",[t._v("ReactiveOAuth2AuthorizedClientService``@Bean")]),t._v("。"),i("br"),t._v("但是，应用程序可以选择覆盖和注册一个自定义的"),i("code",[t._v("ServerOAuth2AuthorizedClientRepository")]),t._v("或"),i("code",[t._v("ReactiveOAuth2AuthorizedClientService")]),t._v("。")])])]),t._v(" "),i("tbody")]),t._v(" "),i("p",[i("code",[t._v("ReactiveOAuth2AuthorizedClientService")]),t._v("的默认实现是"),i("code",[t._v("InMemoryReactiveOAuth2AuthorizedClientService")]),t._v("，它在内存中存储"),i("code",[t._v("OAuth2AuthorizedClient")]),t._v("。")]),t._v(" "),i("p",[t._v("或者，R2DBC 实现可以被配置为在数据库中持久化。")]),t._v(" "),i("table",[i("thead",[i("tr",[i("th"),t._v(" "),i("th",[i("code",[t._v("R2dbcReactiveOAuth2AuthorizedClientService")]),t._v("取决于"),i("RouterLink",{attrs:{to:"/servlet/appendix/database-schema.html#dbschema-oauth2-client"}},[t._v("OAuth2.0 客户端模式")]),t._v("中描述的表定义。")],1)])]),t._v(" "),i("tbody")]),t._v(" "),i("h2",{attrs:{id:"reactiveoauth2authorizedclientmanager-reactiveoauth2authorizedclientprovider"}},[i("a",{staticClass:"header-anchor",attrs:{href:"#reactiveoauth2authorizedclientmanager-reactiveoauth2authorizedclientprovider"}},[t._v("#")]),t._v(" reactiveOAuth2AuthorizedClientManager/reactiveOAuth2AuthorizedClientProvider")]),t._v(" "),i("p",[i("code",[t._v("ReactiveOAuth2AuthorizedClientManager")]),t._v("负责"),i("code",[t._v("OAuth2AuthorizedClient")]),t._v("（s）的全面管理。")]),t._v(" "),i("p",[t._v("主要职责包括：")]),t._v(" "),i("ul",[i("li",[i("p",[t._v("使用"),i("code",[t._v("ReactiveOAuth2AuthorizedClientProvider")]),t._v("对 OAuth2.0 客户端进行授权（或重新授权）。")])]),t._v(" "),i("li",[i("p",[t._v("委派"),i("code",[t._v("OAuth2AuthorizedClient")]),t._v("的持久性，通常使用"),i("code",[t._v("ReactiveOAuth2AuthorizedClientService")]),t._v("或"),i("code",[t._v("ServerOAuth2AuthorizedClientRepository")]),t._v("。")])]),t._v(" "),i("li",[i("p",[t._v("当一个 OAuth2.0 客户端已被成功授权（或重新授权）时，将其委托给"),i("code",[t._v("ReactiveOAuth2AuthorizationSuccessHandler")]),t._v("。")])]),t._v(" "),i("li",[i("p",[t._v("当 OAuth2.0 客户端未能授权（或重新授权）时，将其委托给"),i("code",[t._v("ReactiveOAuth2AuthorizationFailureHandler")]),t._v("。")])])]),t._v(" "),i("p",[i("code",[t._v("ReactiveOAuth2AuthorizedClientProvider")]),t._v("实现了对 OAuth2.0 客户端进行授权（或重新授权）的策略。实现通常将实现一种授权授予类型，例如。"),i("code",[t._v("authorization_code")]),t._v("，"),i("code",[t._v("client_credentials")]),t._v("等。")]),t._v(" "),i("p",[i("code",[t._v("ReactiveOAuth2AuthorizedClientManager")]),t._v("的默认实现是"),i("code",[t._v("DefaultReactiveOAuth2AuthorizedClientManager")]),t._v("，它与"),i("code",[t._v("ReactiveOAuth2AuthorizedClientProvider")]),t._v("相关联，后者可能使用基于委托的组合来支持多个授权授予类型。"),i("code",[t._v("ReactiveOAuth2AuthorizedClientProviderBuilder")]),t._v("可用于配置和构建基于委托的组合。")]),t._v(" "),i("p",[t._v("下面的代码展示了如何配置和构建"),i("code",[t._v("ReactiveOAuth2AuthorizedClientProvider")]),t._v("组合的示例，该组合为"),i("code",[t._v("authorization_code")]),t._v("、"),i("code",[t._v("refresh_token")]),t._v("、"),i("code",[t._v("client_credentials")]),t._v("和"),i("code",[t._v("password")]),t._v("授权授予类型提供支持：")]),t._v(" "),i("p",[t._v("爪哇")]),t._v(" "),i("div",{staticClass:"language- extra-class"},[i("pre",{pre:!0,attrs:{class:"language-text"}},[i("code",[t._v("@Bean\npublic ReactiveOAuth2AuthorizedClientManager authorizedClientManager(\n\t\tReactiveClientRegistrationRepository clientRegistrationRepository,\n\t\tServerOAuth2AuthorizedClientRepository authorizedClientRepository) {\n\n\tReactiveOAuth2AuthorizedClientProvider authorizedClientProvider =\n\t\t\tReactiveOAuth2AuthorizedClientProviderBuilder.builder()\n\t\t\t\t\t.authorizationCode()\n\t\t\t\t\t.refreshToken()\n\t\t\t\t\t.clientCredentials()\n\t\t\t\t\t.password()\n\t\t\t\t\t.build();\n\n\tDefaultReactiveOAuth2AuthorizedClientManager authorizedClientManager =\n\t\t\tnew DefaultReactiveOAuth2AuthorizedClientManager(\n\t\t\t\t\tclientRegistrationRepository, authorizedClientRepository);\n\tauthorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);\n\n\treturn authorizedClientManager;\n}\n")])])]),i("p",[t._v("Kotlin")]),t._v(" "),i("div",{staticClass:"language- extra-class"},[i("pre",{pre:!0,attrs:{class:"language-text"}},[i("code",[t._v("@Bean\nfun authorizedClientManager(\n        clientRegistrationRepository: ReactiveClientRegistrationRepository,\n        authorizedClientRepository: ServerOAuth2AuthorizedClientRepository): ReactiveOAuth2AuthorizedClientManager {\n    val authorizedClientProvider: ReactiveOAuth2AuthorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder.builder()\n            .authorizationCode()\n            .refreshToken()\n            .clientCredentials()\n            .password()\n            .build()\n    val authorizedClientManager = DefaultReactiveOAuth2AuthorizedClientManager(\n            clientRegistrationRepository, authorizedClientRepository)\n    authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider)\n    return authorizedClientManager\n}\n")])])]),i("p",[t._v("当授权尝试成功时，"),i("code",[t._v("DefaultReactiveOAuth2AuthorizedClientManager")]),t._v("将委托给"),i("code",[t._v("ReactiveOAuth2AuthorizationSuccessHandler")]),t._v("，该（默认情况下）将通过"),i("code",[t._v("OAuth2AuthorizedClient")]),t._v("保存"),i("code",[t._v("OAuth2AuthorizedClient")]),t._v("。在重新授权失败的情况下，例如，刷新令牌不再有效，先前保存的"),i("code",[t._v("OAuth2AuthorizedClient")]),t._v("将通过"),i("code",[t._v("RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler")]),t._v("从"),i("code",[t._v("ServerOAuth2AuthorizedClientRepository")]),t._v("中删除。默认行为可以通过"),i("code",[t._v("setAuthorizationSuccessHandler(ReactiveOAuth2AuthorizationSuccessHandler)")]),t._v("和"),i("code",[t._v("setAuthorizationFailureHandler(ReactiveOAuth2AuthorizationFailureHandler)")]),t._v("进行定制。")]),t._v(" "),i("p",[i("code",[t._v("DefaultReactiveOAuth2AuthorizedClientManager")]),t._v("还与类型"),i("code",[t._v("Function<OAuth2AuthorizeRequest, Mono<Map<String, Object>>>")]),t._v("的"),i("code",[t._v("contextAttributesMapper")]),t._v("相关联，它负责将属性从"),i("code",[t._v("OAuth2AuthorizeRequest")]),t._v("映射到要与"),i("code",[t._v("OAuth2AuthorizationContext")]),t._v("相关联的属性的"),i("code",[t._v("Map")]),t._v("。当你需要提供带有 Required（Supported）属性的"),i("code",[t._v("ReactiveOAuth2AuthorizedClientProvider")]),t._v("时，这可能是有用的，例如，"),i("code",[t._v("PasswordReactiveOAuth2AuthorizedClientProvider")]),t._v("要求资源所有者的"),i("code",[t._v("username")]),t._v("和"),i("code",[t._v("password")]),t._v("在"),i("code",[t._v("OAuth2AuthorizationContext.getAttributes()")]),t._v("中可用。")]),t._v(" "),i("p",[t._v("下面的代码显示了"),i("code",[t._v("contextAttributesMapper")]),t._v("的示例：")]),t._v(" "),i("p",[t._v("爪哇")]),t._v(" "),i("div",{staticClass:"language- extra-class"},[i("pre",{pre:!0,attrs:{class:"language-text"}},[i("code",[t._v("@Bean\npublic ReactiveOAuth2AuthorizedClientManager authorizedClientManager(\n\t\tReactiveClientRegistrationRepository clientRegistrationRepository,\n\t\tServerOAuth2AuthorizedClientRepository authorizedClientRepository) {\n\n\tReactiveOAuth2AuthorizedClientProvider authorizedClientProvider =\n\t\t\tReactiveOAuth2AuthorizedClientProviderBuilder.builder()\n\t\t\t\t\t.password()\n\t\t\t\t\t.refreshToken()\n\t\t\t\t\t.build();\n\n\tDefaultReactiveOAuth2AuthorizedClientManager authorizedClientManager =\n\t\t\tnew DefaultReactiveOAuth2AuthorizedClientManager(\n\t\t\t\t\tclientRegistrationRepository, authorizedClientRepository);\n\tauthorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);\n\n\t// Assuming the `username` and `password` are supplied as `ServerHttpRequest` parameters,\n\t// map the `ServerHttpRequest` parameters to `OAuth2AuthorizationContext.getAttributes()`\n\tauthorizedClientManager.setContextAttributesMapper(contextAttributesMapper());\n\n\treturn authorizedClientManager;\n}\n\nprivate Function<OAuth2AuthorizeRequest, Mono<Map<String, Object>>> contextAttributesMapper() {\n\treturn authorizeRequest -> {\n\t\tMap<String, Object> contextAttributes = Collections.emptyMap();\n\t\tServerWebExchange exchange = authorizeRequest.getAttribute(ServerWebExchange.class.getName());\n\t\tServerHttpRequest request = exchange.getRequest();\n\t\tString username = request.getQueryParams().getFirst(OAuth2ParameterNames.USERNAME);\n\t\tString password = request.getQueryParams().getFirst(OAuth2ParameterNames.PASSWORD);\n\t\tif (StringUtils.hasText(username) && StringUtils.hasText(password)) {\n\t\t\tcontextAttributes = new HashMap<>();\n\n\t\t\t// `PasswordReactiveOAuth2AuthorizedClientProvider` requires both attributes\n\t\t\tcontextAttributes.put(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, username);\n\t\t\tcontextAttributes.put(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, password);\n\t\t}\n\t\treturn Mono.just(contextAttributes);\n\t};\n}\n")])])]),i("p",[t._v("Kotlin")]),t._v(" "),i("div",{staticClass:"language- extra-class"},[i("pre",{pre:!0,attrs:{class:"language-text"}},[i("code",[t._v("@Bean\nfun authorizedClientManager(\n        clientRegistrationRepository: ReactiveClientRegistrationRepository,\n        authorizedClientRepository: ServerOAuth2AuthorizedClientRepository): ReactiveOAuth2AuthorizedClientManager {\n    val authorizedClientProvider: ReactiveOAuth2AuthorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder.builder()\n            .password()\n            .refreshToken()\n            .build()\n    val authorizedClientManager = DefaultReactiveOAuth2AuthorizedClientManager(\n            clientRegistrationRepository, authorizedClientRepository)\n    authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider)\n\n    // Assuming the `username` and `password` are supplied as `ServerHttpRequest` parameters,\n    // map the `ServerHttpRequest` parameters to `OAuth2AuthorizationContext.getAttributes()`\n    authorizedClientManager.setContextAttributesMapper(contextAttributesMapper())\n    return authorizedClientManager\n}\n\nprivate fun contextAttributesMapper(): Function<OAuth2AuthorizeRequest, Mono<MutableMap<String, Any>>> {\n    return Function { authorizeRequest ->\n        var contextAttributes: MutableMap<String, Any> = mutableMapOf()\n        val exchange: ServerWebExchange = authorizeRequest.getAttribute(ServerWebExchange::class.java.name)!!\n        val request: ServerHttpRequest = exchange.request\n        val username: String? = request.queryParams.getFirst(OAuth2ParameterNames.USERNAME)\n        val password: String? = request.queryParams.getFirst(OAuth2ParameterNames.PASSWORD)\n        if (StringUtils.hasText(username) && StringUtils.hasText(password)) {\n            contextAttributes = hashMapOf()\n\n            // `PasswordReactiveOAuth2AuthorizedClientProvider` requires both attributes\n            contextAttributes[OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME] = username!!\n            contextAttributes[OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME] = password!!\n        }\n        Mono.just(contextAttributes)\n    }\n}\n")])])]),i("p",[i("code",[t._v("DefaultReactiveOAuth2AuthorizedClientManager")]),t._v("被设计用于***内***"),i("code",[t._v("ServerWebExchange")]),t._v("的上下文。当操作***外面***的"),i("code",[t._v("ServerWebExchange")]),t._v("上下文时，请使用"),i("code",[t._v("AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager")]),t._v("。")]),t._v(" "),i("p",[t._v("当使用"),i("code",[t._v("AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager")]),t._v("时，"),i("em",[t._v("服务应用程序")]),t._v("是一个常见的用例。服务应用程序通常在后台运行，没有任何用户交互，并且通常在系统级帐户而不是用户帐户下运行。配置为"),i("code",[t._v("client_credentials")]),t._v("grant 类型的 OAuth2.0 客户机可以被视为服务应用程序的一种类型。")]),t._v(" "),i("p",[t._v("下面的代码展示了如何配置"),i("code",[t._v("AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager")]),t._v("的示例，该示例为"),i("code",[t._v("client_credentials")]),t._v("grant 类型提供支持：")]),t._v(" "),i("p",[t._v("爪哇")]),t._v(" "),i("div",{staticClass:"language- extra-class"},[i("pre",{pre:!0,attrs:{class:"language-text"}},[i("code",[t._v("@Bean\npublic ReactiveOAuth2AuthorizedClientManager authorizedClientManager(\n\t\tReactiveClientRegistrationRepository clientRegistrationRepository,\n\t\tReactiveOAuth2AuthorizedClientService authorizedClientService) {\n\n\tReactiveOAuth2AuthorizedClientProvider authorizedClientProvider =\n\t\t\tReactiveOAuth2AuthorizedClientProviderBuilder.builder()\n\t\t\t\t\t.clientCredentials()\n\t\t\t\t\t.build();\n\n\tAuthorizedClientServiceReactiveOAuth2AuthorizedClientManager authorizedClientManager =\n\t\t\tnew AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(\n\t\t\t\t\tclientRegistrationRepository, authorizedClientService);\n\tauthorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);\n\n\treturn authorizedClientManager;\n}\n")])])]),i("p",[t._v("Kotlin")]),t._v(" "),i("div",{staticClass:"language- extra-class"},[i("pre",{pre:!0,attrs:{class:"language-text"}},[i("code",[t._v("@Bean\nfun authorizedClientManager(\n        clientRegistrationRepository: ReactiveClientRegistrationRepository,\n        authorizedClientService: ReactiveOAuth2AuthorizedClientService): ReactiveOAuth2AuthorizedClientManager {\n    val authorizedClientProvider: ReactiveOAuth2AuthorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder.builder()\n            .clientCredentials()\n            .build()\n    val authorizedClientManager = AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(\n            clientRegistrationRepository, authorizedClientService)\n    authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider)\n    return authorizedClientManager\n}\n")])])]),i("p",[i("RouterLink",{attrs:{to:"/spring-security/index.html"}},[t._v("OAuth2 客户端")]),i("RouterLink",{attrs:{to:"/spring-security/authorization-grants.html"}},[t._v("OAuth2 授权授予")])],1)])}),[],!1,null,null,null);e.default=n.exports}}]);