How to dynamically specify OAuth2 resource data in Spring Security?

I am creating an application that integrates with the Shopify API, which uses OAuth2 for authentication and authorization. Using a tutorial for Spring Security OAuth2 and a tutorial for Shopify, I was able to get the integration working with one store. The YAML configuration is as follows:

shopify:
  shop: myshop
  scopes: read_customers,read_orders
security:
  oauth2:
    client:
      clientId: myclientid
      clientSecret: mysecret
      tokenName: access_token
      authenticationScheme: query
      clientAuthenticationScheme: form
      accessTokenUri: https://${shopify.shop}.myshopify.com/admin/oauth/access_token
      userAuthorizationUri: https://${shopify.shop}.myshopify.com/admin/oauth/authorize?scope=${shopify.scopes}&grant_options[]=
      pre-established-redirect-uri: https://myapp/login
      registered-redirect-uri: https://myapp/login
      use-current-uri: false
    resource:
      userInfoUri: https://${shopify.shop}.myshopify.com/admin/shop.json

However, this static configuration will not work for an application published to the Shopify App Store because the redirection, access, user information, and user URIs depend on the store name. There are examples of using multiple providers, but they should still be static.

URI , :

  • /login , , ThreadLocal, , AuthorizationCodeResourceDetails, OAuth2 Spring factory bean.

  • "", OAuth2ClientAuthenticationProcessingFilter , .

  • OAuth2ClientAuthenticationProcessingFilter, RestTemplate, .

. URI Spring Security OAuth2?

, OAuth2 , Spring ?

+4
2

, url oauth, getter Oauth2ProtectedResource

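    import java.util.Arrays;
    import javax.servlet.http.HttpServletRequest;
    import org.springframework.context.annotation.Bean;
    import org.springframework.security.oauth2.client.resource.BaseOAuth2ProtectedResourceDetails;
    import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
    import org.springframework.security.oauth2.common.AuthenticationScheme;
    import org.springframework.web.context.request.RequestAttributes;
    import org.springframework.web.context.request.RequestContextHolder;
    import org.springframework.web.context.request.ServletRequestAttributes;

    // Declared inside a @Configuration class.
    @Bean(name = "googleOauthResource")
    public BaseOAuth2ProtectedResourceDetails getGoogleOauthResource() {
        final AuthorizationCodeResourceDetails details = new AuthorizationCodeResourceDetails() {
            // Evaluated on every call, so the redirect URI can follow the current request.
            @Override
            public String getPreEstablishedRedirectUri() {
                final RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
                if (requestAttributes instanceof ServletRequestAttributes) {
                    final HttpServletRequest request = ((ServletRequestAttributes) requestAttributes).getRequest();
                    // getQueryString() returns null when the request has no query string.
                    final String query = request.getQueryString();
                    return request.getRequestURL() + "?" + (query != null ? query + "&" : "") + "addStuff";
                }

                // No servlet request bound to this thread: fall back to the static value.
                return super.getPreEstablishedRedirectUri();
            }
        };
        details.setId("google-oauth-client");
        details.setClientId("xxxxxxxxxxx");
        details.setClientSecret("xxxxxxxx");
        details.setAccessTokenUri("https://www.googleapis.com/oauth2/v4/token");
        details.setUserAuthorizationUri("https://accounts.google.com/o/oauth2/v2/auth");
        details.setTokenName("authorization_code");
        // One list element per scope; a single comma-joined string is sent as one invalid scope.
        details.setScope(Arrays.asList("https://mail.google.com/", "https://www.googleapis.com/auth/gmail.modify"));
        details.setPreEstablishedRedirectUri("http://localhost:8080/xxx-api-web/v2/gmail"); //TODO
        details.setUseCurrentUri(false);
        details.setAuthenticationScheme(AuthenticationScheme.query);
        details.setClientAuthenticationScheme(AuthenticationScheme.form);
        details.setGrantType("authorization_code");
        return details;
    }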
+1

, ThreadLocal. , , :

ServletRequest LocalThread OAuth2ClientAuthenticationProcessingFilter:

  • attemptAuthentication
  • successfulAuthentication
  • unsuccessfulAuthentication
  • requiresAuthentication

URI OAuth2RestTemplate, :

  • createRequest
  • doExecute
  • appendQueryParameter

, , @ Bean RestTemplate @Service, Shopify.

, .

+1
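
Added example (not part of the original question or answers, and not Spring's or Shopify's own code): one way to build the per-shop AuthorizationCodeResourceDetails the question asks for from the URIs in the YAML above, validating the shop name first because it comes from the request and ends up in the host that receives the client secret. ShopResourceDetailsFactory, requireValidShop and forShop are hypothetical names, and the rule that a shop name is a single DNS label is an assumption.

```java
import java.util.Locale;
import java.util.regex.Pattern;

import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
import org.springframework.security.oauth2.common.AuthenticationScheme;

/** Hypothetical helper: builds OAuth2 resource details for one shop at request time. */
public final class ShopResourceDetailsFactory {

    // Assumption: a shop name is one DNS label under myshopify.com
    // (letters, digits, hyphens; 1 to 63 characters; no leading or trailing hyphen).
    private static final Pattern SHOP_LABEL =
            Pattern.compile("[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?");

    private ShopResourceDetailsFactory() {
    }

    /**
     * Returns the normalized shop label, or throws if the value could alter the host
     * once substituted into the URI templates (for example by containing '.', '/', '@' or '#').
     */
    static String requireValidShop(String shop) {
        String label = shop == null ? "" : shop.toLowerCase(Locale.ROOT);
        if (!SHOP_LABEL.matcher(label).matches()) {
            throw new IllegalArgumentException("Invalid shop name");
        }
        return label;
    }

    /** Same settings as the static YAML, with the host derived from the validated shop. */
    public static AuthorizationCodeResourceDetails forShop(String shop, String clientId, String clientSecret) {
        String label = requireValidShop(shop);
        String base = "https://" + label + ".myshopify.com/admin";

        AuthorizationCodeResourceDetails details = new AuthorizationCodeResourceDetails();
        details.setId("shopify-" + label);
        details.setClientId(clientId);
        details.setClientSecret(clientSecret);
        details.setTokenName("access_token");
        details.setAuthenticationScheme(AuthenticationScheme.query);
        details.setClientAuthenticationScheme(AuthenticationScheme.form);
        details.setAccessTokenUri(base + "/oauth/access_token");
        // Scopes stay in the URI, comma-separated, exactly as in the YAML above.
        details.setUserAuthorizationUri(base + "/oauth/authorize?scope=read_customers,read_orders&grant_options[]=");
        details.setPreEstablishedRedirectUri("https://myapp/login"); // fixed value, not derived from the request
        details.setUseCurrentUri(false);
        return details;
    }
}
```

The redirect URI is kept as the fixed registered value rather than rebuilt from the incoming request, so only the validated shop label varies between stores.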

Source: https://habr.com/ru/post/1676580/

