Spring OAuth 2.0 with Jersey: 401 Unauthorized response after entering correct credentials

Posted on 2025-01-22 01:16:07

Here is my problem: when I try to call this method, I get this error:

InboundJaxrsResponse{
    context=ClientResponse{method=POST,
    uri=http://localhost:9001/oauth/token, status=401,
    reason=Unauthorized}}

public String getToken() {
    String grant_type ="client_credentials";
    String client_id = "abcd";
    String client_secret = "mpoo";

    Form form = new Form();
    form.param("grant_type",grant_type);
    form.param("client_id",client_id);
    form.param("client_secret",client_secret);
    JerseyClientBuilder jerseyClientBuilder = new JerseyClientBuilder();
    JerseyWebTarget jerseyWebTarget =
            jerseyClientBuilder.build().target("http://localhost:9001/oauth/token");
    Response response = jerseyWebTarget.request().post(Entity.form(form));
    return response.toString();
}

Any Answer?

少钕鈤記 2025-01-29 01:16:07

That's not the correct way to send the token request. Look at the RFC for the client_credentials grant type. The correct format for the request is as follows:

POST /token HTTP/1.1
Host: server.example.com
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials

So only the grant_type should be a part of the Form body. The client_id and client_secret should be Base64 encoded and used for Basic Authentication:

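// Base64-encode "client_id:client_secret" for the Basic Authorization header
String credentials = client_id + ":" + client_secret;
// encodeToString() returns a String; encode() returns byte[]
String base64 = Base64.getEncoder().encodeToString(credentials.getBytes(StandardCharsets.UTF_8));
Response res = jerseyWebTarget.request()
        .header(HttpHeaders.AUTHORIZATION, "Basic " + base64)
        .post(Entity.form(form));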
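
The request described in the answer, as a complete client (an added example, not part of the original post). It assumes Jersey 2.x with the javax.ws.rs API; the class name TokenClient and the environment variable names are hypothetical. Unlike the question's getToken(), it returns the response body instead of response.toString() and fails loudly on a non-200 status.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.Entity;
import javax.ws.rs.core.Form;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;

// Assumption: Jersey 2.x (javax.ws.rs); on Jersey 3.x the package is jakarta.ws.rs.
public class TokenClient {
    static final String TOKEN_URI = "http://localhost:9001/oauth/token"; // from the question

    // Authorization header value: "Basic " + base64(client_id ":" client_secret)
    static String basicAuth(String clientId, String clientSecret) {
        String credentials = clientId + ":" + clientSecret;
        return "Basic " + Base64.getEncoder()
                .encodeToString(credentials.getBytes(StandardCharsets.UTF_8));
    }

    // Returns the raw JSON token response, or throws if the server rejects the request.
    static String getToken(String clientId, String clientSecret) {
        Form form = new Form();
        form.param("grant_type", "client_credentials"); // the only body parameter
        Client client = ClientBuilder.newClient();
        try {
            Response response = client.target(TOKEN_URI)
                    .request(MediaType.APPLICATION_JSON)
                    .header(HttpHeaders.AUTHORIZATION, basicAuth(clientId, clientSecret))
                    .post(Entity.form(form));
            String body = response.readEntity(String.class); // reads and closes the entity
            if (response.getStatus() != 200) {
                // A 401 here means the server did not accept the client authentication.
                throw new IllegalStateException(
                        "Token request failed: HTTP " + response.getStatus() + " " + body);
            }
            return body;
        } finally {
            client.close();
        }
    }

    public static void main(String[] args) {
        // Hypothetical variable names; they keep the secret out of the source code.
        System.out.println(getToken(System.getenv("OAUTH_CLIENT_ID"),
                System.getenv("OAUTH_CLIENT_SECRET")));
    }
}
```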