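Copyright notice: this is an original article by the blogger and may not be reproduced without the blogger's permission. https://blog.csdn.net/qq_27868061/article/details/84584030
1. Obtaining the authorization code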
http://localhost:8080/oauth/authorize?client_id=shop&redirect_uri=http://localhost:3000&response_type=code&scope=read
GET /oauth/authorize?client_id=shop&redirect_uri=http://localhost:3000&response_type=code&scope=read HTTP/1.1
Host: localhost:8080
Connection: keep-alive
Authorization: Basic YWRtaW46MTIzNDU2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
Cookie: JSESSIONID=18244A86D7F7C0D3AB3B0F954B77945D
HTTP/1.1 302
Cache-Control: no-store
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Location: http://localhost:3000?code=xNsCWE
Content-Language: zh-CN
Content-Length: 0
Date: Wed, 28 Nov 2018 06:44:02 GMT
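client_id | Client ID |
redirect_uri | Redirect URL; must be one of the configured redirect URLs |
response_type | code, which selects the authorization code grant |
scope | Must be within the configured scopes |
code | Authorization code |
The redirect carries only one parameter, the authorization code.
2. Token request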
POST /oauth/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
cache-control: no-cache
Postman-Token: c4b3c5a5-ce08-41e9-807e-8c22e908ad4b
User-Agent: PostmanRuntime/7.4.0
Accept: */*
Host: localhost:8080
cookie: JSESSIONID=B3F79C16FEF5615343A4E1EE0D2AF16D
accept-encoding: gzip, deflate
content-length: 120
Connection: keep-alive
client_id=shop&client_secret=123456&grant_type=authorization_code&code=xNsCWE&redirect_uri=http%3A%2F%2Flocalhost%3A3000
HTTP/1.1 200
Cache-Control: no-store
Pragma: no-cache
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Wed, 28 Nov 2018 06:48:40 GMT
{
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsiZ29vZHMiXSwidXNlcl9uYW1lIjoiYWRtaW4iLCJzY29wZSI6WyJyZWFkIl0sImV4cCI6MTU0Njk4NzcxOSwidXNlciI6eyJwYXNzd29yZCI6bnVsbCwidXNlcm5hbWUiOiJhZG1pbiIsImF1dGhvcml0aWVzIjpbeyJhdXRob3JpdHkiOiJST0xFX0FETUlOIn1dLCJhY2NvdW50Tm9uRXhwaXJlZCI6dHJ1ZSwiYWNjb3VudE5vbkxvY2tlZCI6dHJ1ZSwiY3JlZGVudGlhbHNOb25FeHBpcmVkIjp0cnVlLCJlbmFibGVkIjp0cnVlfSwiYXV0aG9yaXRpZXMiOlsiUk9MRV9BRE1JTiJdLCJqdGkiOiIxMGIyOTE1ZS1mMWY5LTRkOGYtYWRlMC1iNmI1NDNjNjVjNTgiLCJjbGllbnRfaWQiOiJzaG9wIn0.JeyQ5wu5pX-8wDKncMBIUTIUjzqWd7MYw7PtH7Dg21s",
"token_type": "bearer",
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.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.PJJAX7dKCF61Sv_bqY5yjjohwPYm4FT1ImkgTaFTfSs",
"expires_in": 3599999,
"scope": "read",
"user": {
"password": null,
"username": "admin",
"authorities": [{
"authority": "ROLE_ADMIN"
}],
"accountNonExpired": true,
"accountNonLocked": true,
"credentialsNonExpired": true,
"enabled": true
},
"jti": "10b2915e-f1f9-4d8f-ade0-b6b543c65c58"
}
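client_id | Client ID |
client_secret | Client secret |
grant_type | authorization_code, meaning the grant type is the authorization code grant |
code | The authorization code obtained in the previous step |
redirect_uri | The redirect URL used in the previous step |
access_token | Access token; required to access the client's resources |
refresh_token | Refresh token; used when a new token needs to be obtained |
token_type | bearer |
expires_in | Number of milliseconds until the access token expires; the refresh token can be configured not to be validated for expiry, i.e. it has no expiration time |
scope | The client scope being accessed |
user | The current user |
jti | Not sure what this is |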
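An added sketch in Python (not from the original post and not Spring Security OAuth's own code) of the checks the parameter tables for steps 1 and 2 describe; the `CLIENTS` registry and the function names `authorize` and `redeem` are assumptions. It goes slightly beyond the tables by also making the code single-use, as RFC 6749 requires.

```python
import secrets

# Constructed client registration, modelled on the parameters in the captures.
CLIENTS = {"shop": {"secret": "123456",
                    "redirect_uris": {"http://localhost:3000"},
                    "scopes": {"read"}}}
_codes = {}  # code -> (client_id, redirect_uri, scope)

def authorize(client_id, redirect_uri, response_type, scope):
    """Step 1: validate the request, then return the redirect Location."""
    client = CLIENTS.get(client_id)
    if client is None:
        raise ValueError("unknown client_id")
    # Exact string match against the configured set, not a prefix match.
    if redirect_uri not in client["redirect_uris"]:
        raise ValueError("redirect_uri not registered")
    if response_type != "code":
        raise ValueError("unsupported response_type")
    if not set(scope.split()) <= client["scopes"]:
        raise ValueError("scope not allowed")
    code = secrets.token_urlsafe(16)
    _codes[code] = (client_id, redirect_uri, scope)  # bind code to the request
    return f"{redirect_uri}?code={code}"

def redeem(client_id, client_secret, grant_type, code, redirect_uri):
    """Step 2: exchange the code; returns the scope the token would carry."""
    client = CLIENTS.get(client_id)
    if client is None or not secrets.compare_digest(client["secret"], client_secret):
        raise PermissionError("invalid client")
    if grant_type != "authorization_code":
        raise ValueError("unsupported grant_type")
    bound = _codes.pop(code, None)  # pop: a code can be redeemed only once
    if bound is None:
        raise ValueError("invalid or already used code")
    if bound[:2] != (client_id, redirect_uri):
        raise ValueError("code was not issued for this client and redirect_uri")
    return bound[2]

if __name__ == "__main__":
    location = authorize("shop", "http://localhost:3000", "code", "read")
    code = location.split("code=", 1)[1]
    print(location, redeem("shop", "123456", "authorization_code",
                           code, "http://localhost:3000"))
```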
3. Refresh token request
POST /oauth/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
cache-control: no-cache
Postman-Token: b1e1df35-01b7-4cbe-8f3d-e23cfc19f3a1
User-Agent: PostmanRuntime/7.4.0
Accept: */*
Host: localhost:8080
cookie: JSESSIONID=B3F79C16FEF5615343A4E1EE0D2AF16D
accept-encoding: gzip, deflate
content-length: 579
Connection: keep-alive
client_id=shop
&
client_secret=123456
&
grant_type=refresh_token
&
refresh_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsiZ29vZHMiXSwidXNlcl9uYW1lIjoiYWRtaW4iLCJzY29wZSI6WyJyZWFkIl0sImF0aSI6IjFhZTA3ZTM2LWQ0MmQtNDA2Ny1iZjQyLTA3ZGE5MjM0NzFmMiIsInVzZXIiOnsicGFzc3dvcmQiOm51bGwsInVzZXJuYW1lIjoiYWRtaW4iLCJhdXRob3JpdGllcyI6W10sImFjY291bnROb25FeHBpcmVkIjp0cnVlLCJhY2NvdW50Tm9uTG9ja2VkIjp0cnVlLCJjcmVkZW50aWFsc05vbkV4cGlyZWQiOnRydWUsImVuYWJsZWQiOnRydWV9LCJqdGkiOiI0Nzk3YTU4ZS04MzA3LTRjNGEtYTE4NS05NmY4N2FiZTRjODQiLCJjbGllbnRfaWQiOiJzaG9wIn0.16QlsvNsAHeVsuIsXR-AOvf193YM_fkSJ6_aQEHGtcY
HTTP/1.1 200
Cache-Control: no-store
Pragma: no-cache
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Wed, 28 Nov 2018 07:56:39 GMT
{
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsiZ29vZHMiXSwidXNlcl9uYW1lIjoiYWRtaW4iLCJzY29wZSI6WyJyZWFkIl0sImV4cCI6MTU0Njk5MTc5OSwidXNlciI6eyJwYXNzd29yZCI6bnVsbCwidXNlcm5hbWUiOiJhZG1pbiIsImF1dGhvcml0aWVzIjpbXSwiYWNjb3VudE5vbkV4cGlyZWQiOnRydWUsImFjY291bnROb25Mb2NrZWQiOnRydWUsImNyZWRlbnRpYWxzTm9uRXhwaXJlZCI6dHJ1ZSwiZW5hYmxlZCI6dHJ1ZX0sImp0aSI6ImQ5MWU0NmRmLTM0MTMtNDZlYS04YTkyLTRjNDA2NTEyMDA5MiIsImNsaWVudF9pZCI6InNob3AifQ.Vcyuqlcw_Z1LJNrVcdMx_MnwbtnZ_lYjQ303bstRZ7E",
"token_type": "bearer",
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsiZ29vZHMiXSwidXNlcl9uYW1lIjoiYWRtaW4iLCJzY29wZSI6WyJyZWFkIl0sImF0aSI6ImQ5MWU0NmRmLTM0MTMtNDZlYS04YTkyLTRjNDA2NTEyMDA5MiIsInVzZXIiOnsicGFzc3dvcmQiOm51bGwsInVzZXJuYW1lIjoiYWRtaW4iLCJhdXRob3JpdGllcyI6W10sImFjY291bnROb25FeHBpcmVkIjp0cnVlLCJhY2NvdW50Tm9uTG9ja2VkIjp0cnVlLCJjcmVkZW50aWFsc05vbkV4cGlyZWQiOnRydWUsImVuYWJsZWQiOnRydWV9LCJqdGkiOiIyNzRiZmQ4YS1jYzI1LTQyMDAtOGI3Ny1hN2Y0Y2Q2YmQ2MjQiLCJjbGllbnRfaWQiOiJzaG9wIn0.7npv1WiPOT49ZNjoJs6S7EWAIagFOfft3HrpM9F5gxU",
"expires_in": 3599999,
"scope": "read",
"user": {
"password": null,
"username": "admin",
"authorities": [],
"accountNonExpired": true,
"accountNonLocked": true,
"credentialsNonExpired": true,
"enabled": true
},
"jti": "d91e46df-3413-46ea-8a92-4c4065120092"
}
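client_id | Client ID |
client_secret | Client secret |
grant_type | refresh_token; this grant type exists specifically to refresh tokens and supplements the other grant types |
refresh_token | The refresh token obtained in the previous step |
The refresh response is essentially the same as the previous step's.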
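An added example (not from the original post; the signing key, the refresh token's `jti` and the function names are constructed) that verifies and inspects a token response shaped like those in steps 2 and 3. It checks that the refresh token's `ati` claim equals the access token's `jti` (the JWT ID claim of RFC 7519), as in the step 3 capture, and compares the `exp` claim decoded from the step 2 access token with that response's `Date` header and `expires_in`.

```python
import base64, hashlib, hmac, json
from email.utils import parsedate_to_datetime

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def hs256(signing_input: str, key: bytes) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def make_jwt(claims: dict, key: bytes) -> str:
    """Build a compact HS256 JWT; used only to construct the sample tokens."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    return f"{head}.{body}.{b64url(hs256(head + '.' + body, key))}"

def verify_jwt(token: str, key: bytes) -> dict:
    """Return the claims only if alg is HS256 and the MAC verifies."""
    head, body, sig = token.split(".")
    if json.loads(b64url_decode(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(hs256(head + "." + body, key), b64url_decode(sig)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(body))

def check_token_response(resp: dict, key: bytes, date_header: str) -> dict:
    access = verify_jwt(resp["access_token"], key)
    refresh = verify_jwt(resp["refresh_token"], key)
    issued = int(parsedate_to_datetime(date_header).timestamp())
    return {
        # the refresh token's "ati" names the access token it was issued with
        "linked": refresh.get("ati") == access["jti"] == resp["jti"],
        # "exp" is Unix time in seconds, so this difference is in seconds
        "seconds_left": access["exp"] - issued,
        "refresh_has_exp": "exp" in refresh,
    }

KEY = b"constructed-demo-key"  # assumption: the real signing key is not on the page
JTI = "10b2915e-f1f9-4d8f-ade0-b6b543c65c58"  # jti from the step 2 response
ACCESS = {"user_name": "admin", "scope": ["read"], "exp": 1546987719,
          "jti": JTI, "client_id": "shop"}  # exp decoded from the step 2 token
REFRESH = {"user_name": "admin", "scope": ["read"], "ati": JTI,
           "jti": "constructed-refresh-jti", "client_id": "shop"}
RESPONSE = {"access_token": make_jwt(ACCESS, KEY), "expires_in": 3599999,
            "refresh_token": make_jwt(REFRESH, KEY), "jti": JTI}
DATE = "Wed, 28 Nov 2018 06:48:40 GMT"  # Date header of the step 2 response
print(check_token_response(RESPONSE, KEY, DATE))
```

With the step 2 values, `exp` minus the `Date` header comes to 3599999 seconds, the same number as `expires_in`; the sample refresh token, like the one sent in step 3, carries no `exp` claim.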