{"id":18701035,"url":"https://github.com/toquery/example-spring-authorization-server","last_synced_at":"2026-04-07T13:32:18.175Z","repository":{"id":97927355,"uuid":"537362984","full_name":"ToQuery/example-spring-authorization-server","owner":"ToQuery","description":"OAuth2 认证授权服务","archived":false,"fork":false,"pushed_at":"2025-12-26T13:35:47.000Z","size":232,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-12-28T01:39:24.422Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ToQuery.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2022-09-16T08:03:25.000Z","updated_at":"2025-12-26T13:35:44.000Z","dependencies_parsed_at":"2023-12-09T13:24:10.586Z","dependency_job_id":"0fc13fa0-cfa6-4227-85cc-6ccefc5ddbff","html_url":"https://github.com/ToQuery/example-spring-authorization-server","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/ToQuery/example-spring-authorization-server","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ToQuery%2Fexample-spring-authorization-server","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ToQuery%2Fexample-spring-authorization-server/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ToQuery%2Fexample-spring-authorization-server/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ToQuery%2Fexample-spring-authorization-server/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ToQuery","download_url":"https://codeload.github.com/ToQuery/example-spring-authorization-server/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ToQuery%2Fexample-spring-authorization-server/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31515144,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-07T03:10:19.677Z","status":"ssl_error","status_checked_at":"2026-04-07T03:10:13.982Z","response_time":105,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-07T11:40:15.739Z","updated_at":"2026-04-07T13:32:18.144Z","avatar_url":"https://github.com/ToQuery.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# example-spring-authorization-server\nOAuth2 认证授权服务\n\nhttps://juejin.cn/post/7290729997215170615?searchId=202401252330058987276A1F0FB3CB148F\n\n## 暴露地址\n\n\n- POST /oauth2/authorize\n- POST /oauth2/token\n- POST /oauth2/introspect 查看token 的信息\n- POST /oauth2/revoke 撤销令牌\n- GET /oauth2/jwks 查看JWK信息\n- GET /.well-known/oauth-authorization-server\n- GET /.well-known/openid-configuration\n- GET \n\n## 登录认证流程\n\n\n### client_credentials 方式认证\n\n- jwt方式\n\n```shell\ncurl -i -s -X POST \\\n 'http://localhost:9000/oauth2/token' \\\n  -u 'example-spring-security-multiple-authentication:example-spring-security-multiple-authentication-secret' \\\n  -d 'grant_type=client_credentials' \\\n  -d 'scope=write'\n```\n\n\n```shell\ncurl -i -X GET \\\n   -H \"Authorization:Bearer eyJraWQiOiIxMjM0NTYiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJleGFtcGxlIiwiYXVkIjoiZXhhbXBsZSIsIm5iZiI6MTY3MTI5MTc5NSwic2NvcGUiOlsid3JpdGUiXSwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo5MDAwIiwiZXhwIjoxNjcxMzEzMzk1LCJpYXQiOjE2NzEyOTE3OTV9.O0UaUdxjwUaMS_okeXM-Sj8jXaYPBouPnp0N5IpBrKUjTHeLc2j1U1vWZxK-x4Ste1cXBTTxHbhHU0px7fbb77x-8LIQZzutvPDmPi_7UFy1IvTqO3YoZUZpiq4Rai8T1j9OS1frJxA5w8a4DQcccKytk5FrQe8BaH2QkEDV3pJfTpBbmtJIsO9Jd0o0_BzwORHsglXWKsrebAH5I9TJRYBj2Zmaj3zNkmLSJhnVcr2Q9iBCtN3rjfz34xUrNfl2jScRFVUNBk1taA4ugtFBhSoPWEYHkZI6PZBifSfgAM-qGl_40FyjweaKYUcTGd1XcKE2uiMxG8DrIoVsyro7EQ\" \\\n   'http://localhost:8070'\n```\n\n- opaque方式\n\nexample-spring-security-oauth2-opaque-token:example-spring-security-oauth2-opaque-token-secret\n\n```shell\ncurl -i -X POST \\\n   -H \"Authorization:Basic ZXhhbXBsZS1zcHJpbmctc2VjdXJpdHktb3BhcXVlOmV4YW1wbGUtc3ByaW5nLXNlY3VyaXR5LW9wYXF1ZS1zZWNyZXQ=\" \\\n 'http://localhost:9000/oauth2/token?grant_type=client_credentials'\n```\n\n```shell\ncurl -i -X GET \\\n   -H \"Authorization:Bearer qUnScVb5T3sAq6n1qYivYP6HbP64L5KvIqL1UImzatykIGTSoHP_QZLLCIfgsDWi_e8Av3OyId6EiP0hAPsgU1WMRRZksG2caEDCrB79hSOiqbWVEgSy63trdwsFa6ZO\" \\\n   'http://localhost:8090'\n```\n\n\n### PASSWORD 方式认证\n\n```shell\ncurl -i -X POST \\\n  -u 'example:example-secret' \\\n  'http://localhost:9000/oauth2/token' \\\n  -d 'grant_type=password' \\\n  -d 'username=admin' \\\n  -d 'password=123456' \\\n  -d 'client_id=example' \\\n  -d 'client_secret=example-secret'\n\n```\n\n### AUTHORIZATION_CODE 方式认证\n\n\n- jwt方式\n\nexample-spring-security-jwt:example-spring-security-jwt-secret\n\n1. 浏览器访问获取code\n\nhttp://localhost:9000/oauth2/authorize?response_type=code\u0026scope=read%20write\u0026client_id=example-spring-security-oauth2-jwt\u0026redirect_uri=http://example-spring-security-oauth2-jwt.local:8010/login/oauth2/code/example-spring-authorization-server\n\n```shell\ncurl -i -X POST \\\n  -u 'example-spring-security-oauth2-jwt:example-spring-security-oauth2-jwt-secret' \\\n  -d 'grant_type=authorization_code' \\\n  -d 'code=S29xCRVd8rexKbLZpwVLWPVIwG3m9_hyH7I5n1zURgnyO_-vvmSOJTduj0Dwvl0pXOMEgrYMjkvIEKab_k3ceuNba7_BpGeNry-5H3liIU32uIe6vJ8xMu6I276tcxmo' \\\n  -d 'redirect_uri=http://example-spring-security-oauth2-jwt.local:8010/login/oauth2/code/example-spring-authorization-server' \\\n 'http://localhost:9000/oauth2/token'\n \n```\n\n得道响应信息：\n\n```json\n{\n  \"access_token\":\"eyJraWQiOiIxMjM0NTYiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJhZG1pbiIsImF1ZCI6ImV4YW1wbGUtc3ByaW5nLXNlY3VyaXR5LWp3dCIsIm5iZiI6MTY2MzY2MjEwMiwic2NvcGUiOlsicmVhZCIsIndyaXRlIl0sImlzcyI6Imh0dHA6XC9cL2xvY2FsaG9zdDo4MDgwXC8iLCJleHAiOjE2NjM2NjU3MDIsImlhdCI6MTY2MzY2MjEwMn0.VSX1_QgEgNvJC2pcoyNandIe6avgdflwpo8UF6QEEFiztoInxFDXTCAhBij7xux-o4f7RmiDdZ9MyL0uIQ2XNEf2DrIo8GGsCHGr19FiFs1jv8uiURXVlDm4_RMCohwqSM_r5dfRSyQZRW3875KzZdkSUydCwr-GuZZKybK-hCqM_XUNoNdu3SSN-1G5ExgsssIhFhDgHhZlNwnNQS06D6Y_N8UjAWVj-u-gIteKx1BgCGJLMzP5KPuot1AN2FhLytCGBRAKaTNvxcDqg_iDgf-iRiUAyDdWCMQeZxtHthFCph5gvDPABDmkNT-yYPlE5qTtPKCd6R0Jl_nRPKpgVw\",\n  \"refresh_token\":\"zDknLO0p1tt0fWs20DrW2lhP2HRU__QXfsGwzRr2S9mIWatMmjLbeFLq_0H5k5jsyU-la8a-MY_idTBIbQ9VxIprKWHBwkAb4IHHVCNzipol3WCw8DrfU_ulpaiwlbPM\",\n  \"scope\":\"read write\",\n  \"token_type\":\"Bearer\",\n  \"expires_in\":3599\n}\n```\n\n```shell\ncurl -i -X GET \\\n   -H \"Authorization:Bearer eyJraWQiOiIxMjM0NTYiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJleGFtcGxlLXNwcmluZy1zZWN1cml0eS1qd3QiLCJhdWQiOiJleGFtcGxlLXNwcmluZy1zZWN1cml0eS1qd3QiLCJuYmYiOjE2NjM2NTYwODMsInNjb3BlIjpbInJlYWQiLCJvcGVuaWQiLCJ3cml0ZSJdLCJpc3MiOiJodHRwOlwvXC9sb2NhbGhvc3Q6ODA4MFwvIiwiZXhwIjoxNjYzNjU5NjgzLCJpYXQiOjE2NjM2NTYwODN9.H1vxnuWx_JYGUwD9MbH5zrhNvReroJCmvzRDfw6HRpqXAfBFhpPitHlnaG07I29eInXkjBDe6s5B6FEi1m2PRTD-UAT5brJy_hqEgyo1unL5HFqhGt0BB7qZtViSY7RIPBtVramETGtAg6ueekwjWoXiLrelTdcFJ7I3codXxi1sjbgGRtqr5LnUcnGtp_lHhOk4n06IvVGoPisWo3H7PtuKU3HGzoJR8RGKSwUmRDmqkF1VRAZder_-ma3p8S_teTaphpYGOpABHSz1Dd2qpCsSS2mPIVUY5VQa-8sOjXHzWROar7iHIvlr84w3YK94XFtWjATGBD13ZNWnDhiomg\" \\\n   'http://localhost:8090'\n```\n\n## 问题\n\n- https://stackoverflow.com/questions/39756748/spring-oauth-authorization-server-requires-scope\n\n## 踩坑\n\n1. 基于OAuth2.x协议接入应用。无法获取 jwt token\n2. 基于OIDC协议接入应用。利用 SimpleUrlAuthenticationSuccessHandler 可以返回给前端idtoken，虽然 登录成功后可以获取用户信息，但请求接口时，由于是jwt token ，并没有用户信息,虽然可以调用用户信息接口获取但很影响性能。\n3. 利用 SimpleUrlAuthenticationSuccessHandler 生成自定义 token，存在两个问题，一个是业务应用生成的token不通用，password方式生成的token就会验证失败；二是利用授权服务的公私钥接口生成，但会暴露公私钥。\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftoquery%2Fexample-spring-authorization-server","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftoquery%2Fexample-spring-authorization-server","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftoquery%2Fexample-spring-authorization-server/lists"}