How do I validate a mobile app's Facebook/Google access token on a Spring Boot 2.0 OAuth2 authorization server?

Jeg*_*ega 5 android spring-security spring-social spring-boot spring-security-oauth2

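I am trying to verify an Android/iOS client's phone number or email address using the Facebook Account Kit service. I am not sure how to validate the authorization code or access token with a Spring Boot based backend server and return my own access token.

In the meantime, I have gone through this blog thoroughly, https://www.baeldung.com/spring-security-5-oauth2-login, but it is session based. It is not clear to me how to change it to stateless (e.g. /oauth/token).

Can anyone let me know how to solve this?

Reference: https://developers.facebook.com/docs/accountkit/graphapi

Here is my code: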

@Configuration
@EnableOAuth2Client
public class SocialConfig extends WebSecurityConfigurerAdapter {

@Autowired
OAuth2ClientContext oauth2ClientContext;

private String[] PUBLIC_URL = { "/*", "/api/v1/account/validate", "/login/accountkit", "/api/v1/account" };

@Override
protected void configure(HttpSecurity http) throws Exception {
    // super.configure(http);
    http.authorizeRequests()
    .antMatchers(PUBLIC_URL).permitAll()
    .anyRequest().authenticated()
    .and().csrf()
    .disable()
    .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);

}

private Filter ssoFilter() {
    OAuth2ClientAuthenticationProcessingFilter filter = new OAuth2ClientAuthenticationProcessingFilter(
            "/login/accountkit");
    OAuth2ProtectedResourceDetails accountkit = accountKit();
    OAuth2RestTemplate template = new OAuth2RestTemplate(accountkit, oauth2ClientContext);
    filter.setRestTemplate(template);
    UserInfoTokenServices userInfo = new UserInfoTokenServices(accountKitResource().getUserInfoUri(),
            accountkit.getClientId());
    userInfo.setRestTemplate(template);
    filter.setTokenServices(userInfo);
    return filter;
}

@Bean
@ConfigurationProperties("accountkit.client")
protected OAuth2ProtectedResourceDetails accountKit() {
    AuthorizationCodeResourceDetails resource = new AuthorizationCodeResourceDetails();
    resource.setAccessTokenUri("https://graph.accountkit.com/v1.2/me");
    resource.setUserAuthorizationUri("https://graph.accountkit.com/v1.2/access_token");
    resource.setClientId("AA|xxxx|xxx");
    resource.setGrantType("authorization_code");
    resource.setTokenName("access_token");
    resource.setAuthenticationScheme(AuthenticationScheme.form);
    resource.setPreEstablishedRedirectUri("http://localhost:8080/login/accountkit");
    return resource;
}

@Bean
@ConfigurationProperties("accountkit.resource")
protected ResourceServerProperties accountKitResource() {
    return new ResourceServerProperties();
}

}
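
One way to approach the stateless exchange the question describes, as an added example that is not part of the original post: the backend takes the body returned by the `/v1.2/me` endpoint for the client's token, checks that the token was issued to its own app, and only then mints its own token. Assumptions: Jackson is on the classpath (as in a Spring Boot web application), the response carries `id` and `application.id` fields as described in the Account Kit Graph API reference linked above, the class and method names and `APP_ID_PLACEHOLDER` are hypothetical, and the HMAC-signed token is a stand-in for the authorization server's real token service or a JWT library.

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.Base64;

public class AccountKitTokenExchange {          // hypothetical class, not from the post
    private static final ObjectMapper JSON = new ObjectMapper();

    /** Returns the provider's user id, or throws if the token does not belong to our app. */
    static String verifiedSubject(String meResponseJson, String expectedAppId) throws Exception {
        JsonNode me = JSON.readTree(meResponseJson);
        if (me.has("error")) throw new SecurityException("provider rejected the token");
        // Audience check: a token that is valid for some other app must not log a user in here.
        String appId = me.path("application").path("id").asText("");   // assumed field name
        if (!expectedAppId.equals(appId)) throw new SecurityException("token issued to another app");
        String id = me.path("id").asText("");
        if (id.isEmpty()) throw new SecurityException("no subject in response");
        return id;
    }

    /** Mints a stateless "subject.expiry.signature" token (assumes the subject contains no '.'). */
    static String issueToken(String subject, byte[] key, long ttlSeconds) throws Exception {
        String payload = subject + "." + (Instant.now().getEpochSecond() + ttlSeconds);
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        byte[] sig = mac.doFinal(payload.getBytes(StandardCharsets.UTF_8));
        return payload + "." + Base64.getUrlEncoder().withoutPadding().encodeToString(sig);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample bodies of GET https://graph.accountkit.com/v1.2/me (not real data).
        String ours  = "{\"id\":\"1001\",\"phone\":{\"number\":\"+15550100\"},"
                     + "\"application\":{\"id\":\"APP_ID_PLACEHOLDER\"}}";
        String other = "{\"id\":\"1001\",\"phone\":{\"number\":\"+15550100\"},"
                     + "\"application\":{\"id\":\"SOME_OTHER_APP\"}}";
        byte[] key = "demo-only-signing-key-change-me!".getBytes(StandardCharsets.UTF_8);

        System.out.println(issueToken(verifiedSubject(ours, "APP_ID_PLACEHOLDER"), key, 900));
        try {
            verifiedSubject(other, "APP_ID_PLACEHOLDER");
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

In a real service the JSON would come from a server-side call to the provider with the client's token, and the endpoint performing this exchange would sit outside the session-based login filter.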