see: github
see: OAuth2 & OpenID Connect overview
see: OAuth2/OpenID Connect Grant_type & use cases
see: OAuth2.0 examples
see: OIDC examples
OAuth 2.1 examples
All requests below target an authorization server on http://localhost:8080 whose endpoint paths match the Spring Authorization Server defaults (/oauth2/authorize, /oauth2/token, /oauth2/device_authorization, /oauth2/device_verification). The codes, device codes and tokens shown were captured from separate test runs, so they differ between sections and are single-use values that cannot be replayed.
- Authorization Code
- Authorization Code + PKCE
- Client Credentials
- Device Code
- Refresh Token
1 Authorization Code
1.1 Token retrieval through a wrapped callback (the redirect_uri points at a local endpoint, getTokenByCode, which presumably exchanges the code for a token itself, so the caller never handles the code)
GET http://localhost:8080/oauth2/authorize?response_type=code&client_id=clientCode&scope=testScope&redirect_uri=http://localhost:8080/oauth2callback/getTokenByCode
1.2 Token retrieval step by step (the client handles the code itself)
1.2.1 Obtain the authorization code
GET http://localhost:8080/oauth2/authorize?response_type=code&client_id=clientCode2&scope=testScope&redirect_uri=http://www.baidu.com
The request above carries no state parameter and delivers the code to an external redirect_uri (it is read back from the browser's address bar); both are acceptable only in a throw-away lab setup.
1.2.2 Exchange the authorization code for a token (clientCode2 is a confidential client, so it authenticates with its client_secret)
POST http://localhost:8080/oauth2/token
x-www-form-urlencoded
grant_type:authorization_code
client_id:clientCode2
client_secret:secretCode2
redirect_uri:http://www.baidu.com
code:EiYTZZyRf2EAiCo_GMqBX_XWID7a0CcA238KrM3GeZNYNB7fX7dvwnm__idyt0CwLTpJRwUmGWL1jQWHfdG7BtyDQdTUcI10y_wa76IGJDP3FIW1KMwWEqLLUTz9LN-B
2 Authorization Code + PKCE
The client first generates a random code_verifier and derives code_challenge = BASE64URL(SHA256(ASCII(code_verifier))); the pair used below is:
code_verifier:ZjE0NWI0MmUtNDM1MC00ZDFhLWIzN2ItNTJiOGIwMTUyMGIz
code_challenge:obgHsGjT2Rle_g9D1LJYzS5IyAHbr3lDiO6ORKJth4k
2.1 Obtain the authorization code (the challenge and code_challenge_method=S256 go on the authorize request)
GET http://localhost:8080/oauth2/authorize?response_type=code&client_id=clientCodePKCE&scope=testScope&redirect_uri=http://www.baidu.com&code_challenge_method=S256&code_challenge=obgHsGjT2Rle_g9D1LJYzS5IyAHbr3lDiO6ORKJth4k
2.2 Exchange the authorization code for a token (clientCodePKCE is a public client, so no client_secret is sent; the code_verifier proves that the exchange comes from the same client instance that started the flow, and the server rejects the request with invalid_grant if SHA256 of the verifier does not match the stored challenge)
POST http://localhost:8080/oauth2/token
x-www-form-urlencoded
grant_type:authorization_code
client_id:clientCodePKCE
redirect_uri:http://www.baidu.com
code_verifier:ZjE0NWI0MmUtNDM1MC00ZDFhLWIzN2ItNTJiOGIwMTUyMGIz
code:l5Uv52PpwarVdr-wdQBj5-yk7wCOYpKYvIuKr0lksVYaxM_jq6yvflawPJU3lJYDvTaWLs1XCgaPXnc0OJ9L1XVKhLFncTLGO4LNpv96aYMUHa2NJ-x0cuSEQaoK2SXq
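The following Python helper is added here as an example; it is not part of the original notes or of Spring Authorization Server. It covers sections 1 and 2 together: it generates the PKCE pair, builds the authorize URL with a state parameter (which the requests above omit), validates state on the callback, and assembles the token-request body. Endpoint paths, client ids, scope and redirect_uri are the values from the notes; the function names, the state handling and verify_pair are additions.

```python
# Added example (not from the original notes): PKCE + authorization-code
# client helpers for the localhost:8080 endpoints used in sections 1 and 2.
import base64
import hashlib
import os
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

AUTHORIZE_URL = "http://localhost:8080/oauth2/authorize"
TOKEN_URL = "http://localhost:8080/oauth2/token"


def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def new_code_verifier(nbytes: int = 32) -> str:
    """43..128 unreserved chars; 32 random bytes encode to exactly 43 chars."""
    return b64url(os.urandom(nbytes))


def code_challenge_s256(verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def verify_pair(verifier: str, challenge: str) -> bool:
    """The server-side check: does the verifier hash to the stored challenge?"""
    return secrets.compare_digest(code_challenge_s256(verifier), challenge)


def build_authorize_url(client_id, redirect_uri, scope, verifier, state):
    """Authorize request for section 2, plus a state value the notes omit."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "scope": scope,
        "redirect_uri": redirect_uri,
        "state": state,
        "code_challenge_method": "S256",
        "code_challenge": code_challenge_s256(verifier),
    }
    return AUTHORIZE_URL + "?" + urlencode(params)


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Extract code from the redirect; refuse it when state does not match."""
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:
        raise RuntimeError(f"authorization failed: {query['error'][0]}")
    state = query.get("state", [""])[0]
    if not secrets.compare_digest(state.encode(), expected_state.encode()):
        raise RuntimeError("state mismatch: possible CSRF or code injection")
    return query["code"][0]


def build_token_request(client_id, redirect_uri, code, verifier, client_secret=None):
    """Form body for POST /oauth2/token. A public client (clientCodePKCE)
    sends no secret; a confidential one (clientCode2) adds client_secret."""
    form = {
        "grant_type": "authorization_code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "code": code,
        "code_verifier": verifier,
    }
    if client_secret is not None:
        form["client_secret"] = client_secret
    return form


if __name__ == "__main__":
    verifier = new_code_verifier()
    state = b64url(os.urandom(16))
    print(build_authorize_url("clientCodePKCE", "http://www.baidu.com",
                              "testScope", verifier, state))
    # After approval the browser lands on redirect_uri?code=...&state=...;
    # feed that URL to parse_callback(), then POST build_token_request(...)
    # as x-www-form-urlencoded to TOKEN_URL.
```

Running verify_pair on the code_verifier/code_challenge pair listed under section 2 is a quick way to confirm the pair before troubleshooting an invalid_grant answer from the token endpoint.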
3 Client Credentials
The secret is sent in the form body (client_secret_post); the server also accepts it as HTTP Basic credentials (client_secret_basic), but the client registration must allow the method used.
POST http://localhost:8080/oauth2/token
x-www-form-urlencoded
grant_type:client_credentials
client_id:clientCredentials
client_secret:secretCredentials
4 Device Code
4.1 [Device side] Obtain a device code
4.1.1 Request
POST http://localhost:8080/oauth2/device_authorization
x-www-form-urlencoded
client_id:clientDevice
scope:testScope
4.1.2 Response
{
"user_code": "ZWXF-MTMT",
"device_code": "ZCxy53EziqKK8AsIqGCN1hKLcNAXA4K-CLsFGIu5mEqpVgou_V8fpnPS-yb1OkGmJVI6NCgeWgKHmxsBDfPQFscipZj3NGeUkbAg78CwG8QoCs-gKMOYss4bZc4mI5UT",
"verification_uri_complete": "http://localhost:8080/activate?user_code=ZWXF-MTMT",
"verification_uri": "http://localhost:8080/activate",
"expires_in": 300
}
4.2 [User's browser/app side] Log in and authorize (the user enters or follows the user_code; the values below come from different runs than 4.1.2)
4.2.1 Request
GET http://localhost:8080/oauth2/device_verification?user_code=GJTG-HVVS
or (requires additional configuration):
http://localhost:8080/activate?user_code=KFWJ-DDQS
4.2.2 Response
An authorization-success page
4.3 [Device side] Obtain the token (the device polls the token endpoint with its device_code; until the user has approved, the server answers with error authorization_pending)
4.3.1 Request
POST http://localhost:8080/oauth2/token
x-www-form-urlencoded
grant_type:urn:ietf:params:oauth:grant-type:device_code
client_id:clientDevice
device_code:Yv6TeF00ew-nPog0kcFI4GAA2NdMagMO_FKHI87zI05deLfj0LH2Aj4lDxEdWsNsrcfqYqHoK70AzZoVJj5EXMWAmosKTRVY4c80nx63MlOjxPUe8uDWEjE-9d2gMaLJ
4.3.2 Response
{
"access_token": "eyJraWQiOiJlZmNiNzYwZS00M2MzLTQ1ODAtOWQ2OS1hN2RhMDhmN2MxNTEiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJ1c2VyIiwiYXVkIjoiY2xpZW50RGV2aWNlIiwibmJmIjoxNzAxMTUwMjQ0LCJzY29wZSI6WyJ0ZXN0U2NvcGUiXSwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwIiwiZXhwIjoxNzAxMTUwNTQ0LCJpYXQiOjE3MDExNTAyNDR9.Pj9SKB9hxfo2-x06c8i5hdZTJCcBulGBa67_mUTVZr6Yrq-_if7S4T4Co9a8SDUV_AZUItm-Pd059syTBMcqJNFkYJUMWdFHutfGgdzDs5gICJPIBns-X0OGvASGMo948AcU0FdoODJtjDGeDeNNAyG0zdfwEERalYXzOIKB0FuVjcd8iyv4pHxrpZfAvcHTpbCRNAz5f2oJcWJhMxwu-xMKLRuSiEPc9k_HlrvBqwYL07NQ00tgaJ5KJdloZUONTDt3lhuRWI166m2QpACojOLCACnH1nwJXYqMl3rOYeYVP6sJa_6-RdPNIjCoCHip9aSr30Kf_zXNEHparB3uDA",
"refresh_token": "_NPAy2yA7ydGV7eWKNS5e6--V7JAMMVEIKNZpDrMHfsF2ZFSSuj8qBGji-YWznjiq63jHIil_gpP8E1y7SvGZgXo6H3zL5F7ouKyTWJxcI9U1UMIDiIEllbS3AMgHM63",
"scope": "testScope",
"token_type": "Bearer",
"expires_in": 300
}
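Added example in Python, not from the original notes: the device-side half of sections 4.1 and 4.3. The HTTP transport is passed in as a function so the polling logic can be exercised offline; http_post_form is a minimal urllib transport that also returns 4xx JSON bodies, because the token endpoint reports authorization_pending with HTTP 400. The 4.1.2 response above has no interval field, so the RFC 8628 default of 5 seconds applies; the handling of slow_down, expired_token and the local deadline follows RFC 8628 section 3.5. Function names and the fake transport are assumptions of this example.

```python
# Added example (not from the original notes): device authorization grant,
# device side, against the localhost:8080 endpoints used in section 4.
import json
import time
import urllib.error
import urllib.request
from typing import Any, Callable, Dict
from urllib.parse import urlencode

DEVICE_AUTH_URL = "http://localhost:8080/oauth2/device_authorization"
TOKEN_URL = "http://localhost:8080/oauth2/token"
DEVICE_GRANT = "urn:ietf:params:oauth:grant-type:device_code"

# A transport takes (url, form) and returns the parsed JSON body, including
# the body of 4xx responses (authorization_pending arrives as HTTP 400).
PostForm = Callable[[str, Dict[str, str]], Dict[str, Any]]


def http_post_form(url: str, form: Dict[str, str]) -> Dict[str, Any]:
    """Real transport: x-www-form-urlencoded POST, JSON back, 4xx included."""
    req = urllib.request.Request(
        url, data=urlencode(form).encode(),
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    try:
        with urllib.request.urlopen(req) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        return json.load(err)  # token endpoint errors are JSON bodies


def request_device_code(post_form: PostForm, client_id: str, scope: str) -> Dict[str, Any]:
    """Step 4.1: ask for a device_code / user_code pair."""
    return post_form(DEVICE_AUTH_URL, {"client_id": client_id, "scope": scope})


def poll_for_token(post_form: PostForm, client_id: str, device: Dict[str, Any],
                   sleep=time.sleep, now=time.monotonic) -> Dict[str, Any]:
    """Step 4.3: poll until the user approves, honouring the server's pacing.

    - wait `interval` seconds between polls (default 5 when absent)
    - add 5 seconds to the interval on slow_down
    - give up when expires_in has elapsed locally or on any other error
      (expired_token, access_denied, invalid_grant, ...)
    """
    interval = int(device.get("interval", 5))
    deadline = now() + int(device.get("expires_in", 300))
    form = {"grant_type": DEVICE_GRANT, "client_id": client_id,
            "device_code": device["device_code"]}
    while True:
        if now() >= deadline:
            raise TimeoutError("device_code expired before the user approved")
        resp = post_form(TOKEN_URL, form)
        if "access_token" in resp:
            return resp
        err = resp.get("error")
        if err == "authorization_pending":
            pass                      # keep polling at the current pace
        elif err == "slow_down":
            interval += 5             # RFC 8628: increase by 5 seconds
        else:
            raise RuntimeError(f"device grant failed: {err}")
        sleep(interval)


if __name__ == "__main__":
    device = request_device_code(http_post_form, "clientDevice", "testScope")
    print("open", device["verification_uri_complete"], "and approve")
    token = poll_for_token(http_post_form, "clientDevice", device)
    print(token["token_type"], "token, expires in", token["expires_in"], "s")
```

Polling faster than the interval, or ignoring slow_down, is the most common mistake in device-flow clients; a server is entitled to answer repeated violations with access_denied, which is why the loop treats every unknown error as terminal.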
5 Refresh Token
POST http://localhost:8080/oauth2/token
x-www-form-urlencoded
grant_type:refresh_token
client_id:clientCode
client_secret:secretCode
refresh_token:FqZqqjjlpQlpSR5WasldooHF3dKSytJ7gVobHQLVrr6yz7vASviM-VtYnpmQFz33WaBXWn75Te2dwWasMCrtISv_yuZWSTtdzJUjPBbDjWIGB20EhwWOwzKBThPql3HZ
With refresh-token rotation enabled (OAuth 2.1 requires refresh tokens of public clients to be one-time use or sender-constrained; in Spring Authorization Server this is TokenSettings reuseRefreshTokens(false)), the response carries a new refresh_token and the one submitted here is invalidated, so the client must persist the replacement.