The "3 lines of code" in the title does not mean you only have to write 3 lines of code; it refers to a Spring Boot OAuth2 service I have already written. You only need to change 3 lines of database configuration to get a working Spring Boot OAuth2 service.
Project address https://github.com/jeesun/oauthserver
oauthserver
Introduction
oauthserver is a complete standalone OAuth server based on Spring Boot OAuth2. Create the required database tables, change the database connection information, and you have an OAuth server.
Supported relational databases:
- PostgreSQL
- MySQL
Implemented features:
- Integrates Spring Boot OAuth2 to provide the OAuth service;
- Tokens are stored in the relational database;
- Logs are written to a file and archived daily;
- Database connection credentials are encrypted (jasypt);
- Druid database connection pool integrated.
Manual
1. Create the tables
- PostgreSQL
Please execute src/main/resources/schema-pg.sql to create the tables and import the test data.
- MySQL
Please execute src/main/resources/schema-mysql.sql to create the tables and import the test data.
2. Modify the database connection information
The database connection information is configured in application.yml. The configuration items username and password are encrypted with jasypt and cannot be filled in as plain text. The encryption key is configured by jasypt.encryptor.password; use the UtilTests tool in the test directory to produce the encrypted strings. Keep that key out of the repository and out of application.yml itself and supply it at startup instead (for example through the JASYPT_ENCRYPTOR_PASSWORD environment variable or the -Djasypt.encryptor.password=... JVM argument); if the key ships next to the ENC(...) values, the encryption only obscures the credentials, it does not protect them.
PostgreSQL
  # PostgreSQL connection information
  driver-class-name: org.postgresql.Driver
  url: jdbc:postgresql://127.0.0.1:5432/thymelte?useUnicode=true&characterEncoding=UTF-8
  username: ENC(hTpbG9fq+7P3SntmXuNtDxbtWDqRuPV+)
  password: ENC(abdq6LyOspryFQHCqzEMTxRozyJVjIA4)
MySQL
  # MySQL connection information
  driver-class-name: com.mysql.jdbc.Driver
  url: jdbc:mysql://127.0.0.1:3306/test?useUnicode=true&characterEncoding=utf-8&useSSL=false
  username: ENC(YiYjVwTulDGN//YaB3KbuA==)
  password: ENC(9oaIJkFgGSDFaHH3OXY63RHWQ+amDmiJ)
Note that useSSL=false in the MySQL URL disables TLS on the database connection. That is acceptable for a local test database, but for a database reached over the network, enable TLS instead.
3. Run
Everything is now ready. Run the project; if it starts successfully, the configuration is correct.
4. Test
While creating the tables I also inserted test data. The values of the request parameters below are all taken from that test data and can be found in the tables; change the values in the tables according to your needs.
In the oauth_client_details table there is already one row of test data. The values of its client_id and client_secret columns are the username and password used for HTTP Basic authentication in the requests below. The access_token_validity and refresh_token_validity columns hold the validity periods of the access_token and the refresh_token respectively, in seconds. The test data uses 7200 and 5184000, i.e. 2 hours and 60 days (about 2 months), which is a reasonable setting you can use as a reference.
All token-related interfaces require HTTP Basic authentication with the client_id and client_secret.
1. Obtain an access_token with a username and password (password grant)
POST http://localhost:8182/oauth/token?grant_type=password&username=jeesun&password=1234567890c
(The parameters are shown in the query string for brevity; a real client should send them in the application/x-www-form-urlencoded request body, because query strings are routinely written to access and proxy logs.)
Successful example:
{
"access_token": "ca582cd1-be6c-4a5a-82ec-10af7a8e06eb",
"token_type": "bearer",
"refresh_token": "c24a6143-97c8-4642-88b9-d5c5b902b487",
"expires_in": 3824,
"scope": "read write trust"
}
Example of failure (wrong username or password)
{
"error": "invalid_grant",
"error_description": "Bad credentials"
}
2. Check access_token
GET http://localhost:8182/oauth/check_token?token=ca582cd1-be6c-4a5a-82ec-10af7a8e06eb
Successful example
{
"aud": [
"oauth2-resource"
],
"exp": 1524507296,
"user_name": "jeesun",
"authorities": [
"ROLE_ADMIN",
"ROLE_USER"
],
"client_id": "clientIdPassword",
"scope": [
"read",
"write",
"trust"
]
}
Example of failure (access_token has expired)
{
"error": "invalid_token",
"error_description": "Token was not recognised"
}
3. Obtain a new access_token with the refresh_token
POST http://localhost:8182/oauth/token?grant_type=refresh_token&refresh_token=c24a6143-97c8-4642-88b9-d5c5b902b487
Successful example (the refresh_token comes back unchanged: by default the server reuses the refresh token rather than issuing a new one)
{
"access_token": "690ecd7d-f2b7-4faa-ac45-5b7a319478e8",
"token_type": "bearer",
"refresh_token": "c24a6143-97c8-4642-88b9-d5c5b902b487",
"expires_in": 7199,
"scope": "read write trust"
}
App practice guide
After the app obtains the token response, it must store the tokens together with the time of the request. Before using the access_token it should check whether the token has expired, and to reduce load on the backend that check should be done locally in the app rather than by calling check_token: add the token's expires_in value (the remaining validity in seconds at the time of the response) to the recorded request time and compare the result with the current time. If the access_token has expired, obtain a new one with the refresh_token. Because the access_token is only valid for 2 hours, this check is needed before every request. The same applies to the refresh_token: it has its own validity period (60 days in the test data), after which a new password grant is required.
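The three test requests above and the client-side handling the app practice guide describes, put together as an added example; this is not code from the oauthserver project. It assumes the endpoints and test data shown on this page (the password and refresh_token grants on /oauth/token, /oauth/check_token, client clientIdPassword, user jeesun); the client_secret value is a placeholder, since the page does not show it, and the fake_transport is a constructed stand-in for the server that replays the page's example responses so the flow runs offline. The HTTP transport is injected, so the same client runs against a live server with the urllib_transport function.

```python
# Added example (not oauthserver project code): a client for the /oauth/token and
# /oauth/check_token endpoints documented above, with the local expiry check the app
# practice guide calls for. The client_secret value and the fake server are placeholders.
import base64
import json
import time
import urllib.error
import urllib.parse
import urllib.request
from dataclasses import dataclass

REFRESH_MARGIN = 60  # seconds: treat a token as expired this early to absorb clock skew

class OAuthError(Exception):
    def __init__(self, error, description=""):
        super().__init__(f"{error}: {description}")
        self.error = error

@dataclass
class TokenSet:
    access_token: str
    refresh_token: str
    expires_in: int     # remaining validity in seconds when the response arrived
    obtained_at: float  # local clock reading when the response arrived

    def is_expired(self, now, margin=REFRESH_MARGIN):
        # Local check (request time + expires_in against now): no /oauth/check_token round trip
        return now >= self.obtained_at + self.expires_in - margin

def urllib_transport(method, url, headers, body):
    """Real HTTP transport: (method, url, headers, body) -> (status, body bytes)."""
    req = urllib.request.Request(url, data=body, headers=headers, method=method)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()

class OAuthClient:
    def __init__(self, base_url, client_id, client_secret, transport=urllib_transport, clock=time.time):
        self.base_url, self.transport, self.clock = base_url.rstrip("/"), transport, clock
        # HTTP Basic credentials are the client_id / client_secret of the oauth_client_details row
        creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
        self._headers = {"Authorization": "Basic " + creds}

    def _call(self, method, path, params, in_body):
        # Grant parameters go in the form body, not the query string, so the user password
        # and the refresh token do not end up in access or proxy logs.
        headers, encoded, body = dict(self._headers), urllib.parse.urlencode(params), None
        if in_body:
            headers["Content-Type"] = "application/x-www-form-urlencoded"
            body = encoded.encode()
        else:
            path += "?" + encoded
        status, raw = self.transport(method, self.base_url + path, headers, body)
        data = json.loads(raw)
        if status != 200 or "error" in data:
            raise OAuthError(data.get("error", f"http_{status}"), data.get("error_description", ""))
        return data

    def _grant(self, params):
        d = self._call("POST", "/oauth/token", params, in_body=True)
        return TokenSet(d["access_token"], d["refresh_token"], int(d["expires_in"]), self.clock())

    def password_grant(self, username, password):
        return self._grant({"grant_type": "password", "username": username, "password": password})

    def refresh(self, tokens):
        return self._grant({"grant_type": "refresh_token", "refresh_token": tokens.refresh_token})

    def check_token(self, access_token):
        return self._call("GET", "/oauth/check_token", {"token": access_token}, in_body=False)

    def ensure_fresh(self, tokens):
        # Call before each API request: refresh only when the local check says (nearly) expired
        return self.refresh(tokens) if tokens.is_expired(self.clock()) else tokens

# Constructed fake server reproducing this page's example responses (not captured traffic).
ACCESS_1, ACCESS_2 = "ca582cd1-be6c-4a5a-82ec-10af7a8e06eb", "690ecd7d-f2b7-4faa-ac45-5b7a319478e8"
REFRESH = "c24a6143-97c8-4642-88b9-d5c5b902b487"
TOKEN_RESP = {"token_type": "bearer", "refresh_token": REFRESH, "scope": "read write trust"}

def fake_transport(method, url, headers, body):
    p = dict(urllib.parse.parse_qsl(body.decode() if body else url.partition("?")[2]))
    if not headers.get("Authorization", "").startswith("Basic "):
        status, out = 401, {"error": "unauthorized", "error_description": "Full authentication is required"}
    elif url.endswith("/oauth/token") and p.get("grant_type") == "password" and p.get("password") == "1234567890c":
        status, out = 200, dict(TOKEN_RESP, access_token=ACCESS_1, expires_in=7200)
    elif url.endswith("/oauth/token") and p.get("grant_type") == "refresh_token" and p.get("refresh_token") == REFRESH:
        status, out = 200, dict(TOKEN_RESP, access_token=ACCESS_2, expires_in=7199)
    elif url.endswith("/oauth/token"):
        status, out = 400, {"error": "invalid_grant", "error_description": "Bad credentials"}
    elif p.get("token") == ACCESS_1:
        status, out = 200, {"user_name": "jeesun", "client_id": "clientIdPassword", "scope": ["read", "write", "trust"]}
    else:
        status, out = 400, {"error": "invalid_token", "error_description": "Token was not recognised"}
    return status, json.dumps(out).encode()

def demo():
    clock = {"now": 1_000_000.0}  # injectable clock so the two-hour jump can be simulated
    client = OAuthClient("http://localhost:8182", "clientIdPassword", "client-secret-placeholder",
                         fake_transport, lambda: clock["now"])
    tokens = client.password_grant("jeesun", "1234567890c")
    info = client.check_token(tokens.access_token)
    clock["now"] += 7200  # two hours later the local check trips and ensure_fresh refreshes
    return tokens, info, client.ensure_fresh(tokens), client
```

The REFRESH_MARGIN keeps the app from presenting a token that expires while the request is in flight; ensure_fresh is the one call an app needs before each API request, and the server is only contacted when that local check fails. Against a real instance, construct OAuthClient without the transport and clock arguments and use the client_secret from your oauth_client_details row.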