Spring boot - google oauth2，在数据库中存储刷新令牌

Question

我正在尝试从登录我的系统的用户那里获取刷新令牌，并将其存储在数据库中。因此，我的生态系统中的不同系统可以访问存储的刷新令牌，使用它生成访问令牌，并使用带有用户凭据的谷歌日历 API。

到目前为止，我已经成功登录

@Configuration
public class AppConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private ClientRegistrationRepository clientRegistrationRepository;

    @Override
    public void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity
                .authorizeRequests()
                .antMatchers("/**").authenticated()
                .anyRequest().permitAll()
                .and()
                .oauth2Login()
                .authorizationEndpoint()
                .authorizationRequestResolver(new CustomAuthorizationRequestResolver(
                        this.clientRegistrationRepository))
                .and()
                .and()
                .rememberMe();
    }
}

和

public class CustomAuthorizationRequestResolver implements OAuth2AuthorizationRequestResolver {
    private final OAuth2AuthorizationRequestResolver defaultAuthorizationRequestResolver;

    public CustomAuthorizationRequestResolver(
            ClientRegistrationRepository clientRegistrationRepository) {

        this.defaultAuthorizationRequestResolver =
                new DefaultOAuth2AuthorizationRequestResolver(
                        clientRegistrationRepository, "/oauth2/authorization");
    }

    @Override
    public OAuth2AuthorizationRequest resolve(HttpServletRequest request) {
        OAuth2AuthorizationRequest authorizationRequest =
                this.defaultAuthorizationRequestResolver.resolve(request);

        return authorizationRequest != null ?
        customAuthorizationRequest(authorizationRequest) :
        null;
    }

    @Override
    public OAuth2AuthorizationRequest resolve(
            HttpServletRequest request, String clientRegistrationId) {

        OAuth2AuthorizationRequest authorizationRequest =
                this.defaultAuthorizationRequestResolver.resolve(
                        request, clientRegistrationId);

        return authorizationRequest != null ?
        customAuthorizationRequest(authorizationRequest) :
        null;
    }

    private OAuth2AuthorizationRequest customAuthorizationRequest(
            OAuth2AuthorizationRequest authorizationRequest) {

        Map<String, Object> additionalParameters = new LinkedHashMap<>(authorizationRequest.getAdditionalParameters());
        additionalParameters.put("access_type", "offline");

        return OAuth2AuthorizationRequest.from(authorizationRequest)
                .additionalParameters(additionalParameters)
                .build();
    }

}

如何以及在哪里可以访问已登录用户的刷新令牌？

Answer 1

我回答了一个类似的问题here，但它是在kotlin中的，所以我会为你添加一个java版本。

这是获取刷新令牌的两种方法（或者更确切地说是OAuth2AuthorizedClient，您可以从中获取刷新令牌）。您使用哪一种取决于您的需求。

1. 将代表请求用户的OAuth2AuthorizedClient注入到端点方法中：

@GetMapping("/foo")
void foo(@RegisteredOAuth2AuthorizedClient("google") OAuth2AuthorizedClient user) {
    OAuth2RefreshToken refreshToken = user.getRefreshToken();
}

1. 在请求的上下文之外，您可以将OAuth2AuthorizedClientService 注入托管组件，并使用客户端注册ID 和主体名称获取所需的OAuth2AuthorizedClient 实例：

@Autowired
private OAuth2AuthorizedClientService clientService;

public void foo() {
    OAuth2AuthorizedClient user = clientService.loadAuthorizedClient("google", "principal-name");
    OAuth2RefreshToken refreshToken = user.getRefreshToken();
}