Now many projects have the need of third party login or third party authorization , And the most mature solution is OAuth2.0 License agreement .Spring Security It's also integrated OAuth2.0, In the latest Spring Security 5 The integration of OAuth2.0 The client of , We can use it conveniently Spring Security OAuth2 To achieve the relevant requirements .
Next, follow Pangge's rhythm to make a third-party authorization. Let's have an intuitive experience first . Suppose I don't know now OAuth2.0 Starting from scratch , The product gives a need to use code cloud for authorization , How can we achieve it ？
2. Apply for authorization
It's like you want to work for a company , You have to interview and submit a lot of materials to prove that you can meet the needs of the other party , After approval, the company allows you to go to work , Give you a position and corresponding authority 、 Job number 、 Workstation .
Same thing , We're going to code cloud to apply for an authorization function , That is to open a credit client on the other party's open platform . In the future, whether you are wechat 、 Alipay or QQ It's the same process . When the application is successful, they will give you the following field concepts .
Depending on the platform, the concept of field may be slightly different , But not too big .
A very long string , This is the platform of your application “ Job number ”, Carry this when you ask for authorization
clientId As a logo for your app .
Client key , It's like a password to prove that your authorization request actually came from your app . This is sensitive data , Be careful of confidentiality .
The type of authorization approach , You will be able to tell the third party when you apply for the type of authorization . When you request authorization, you need to clearly tell the third-party platform your authorization type .
OAuth2.0 It provides four common ways and two other ways that are not commonly used .
This is a third-party open platform for you to access
access_token The interface of , This
access_token It's your credentials for accessing open resources on third-party open platforms .
This is the interface you use to get the user information of the authorized person on the third party open platform , Most of them are sensitive information that public information doesn't cover , In order to achieve the purpose of information sharing between different platforms .
token url , Some platforms are called
callback. What's the use ？ It's like the mobile phone or email you left for the interview , After the interview, the interviewer told you to go back and wait for the interview result . This
redirectUri It is used to inform you of the result of authorization , Of course, this is more reliable than the interviewer , Chengdu will tell you the result .
Of course, the interview example here is not particularly appropriate , It's just easy for you to quickly understand .
This is the authorization entry , It means that you want to show what you want this authorization to do , A company sent a lot of JD Yes Java Development 、Golang Development 、 The front-end development 、 test 、UI. When you go to an interview, the first thing you should do is to tell the interviewer which position you are interviewing for is the same .
Of course about OAuth2.0 Of
scopeIt may be more abundant .
3. Experience OAuth2.0 to grant authorization
Learn to touch a new thing without understanding it , First, feel it intuitively , Understand how it works on the surface , And then go into it .
So I just let it go first Spring Security OAuth2.0 Third party authorized code cloud DEMO, Interested students first intuitively feel the scene , In the future, I will learn this technology from the simple to the deep .
3.1 Usage method
Official account ： Small fat man of minong reply authgitee obtain Spring Security OAuth2.0 DEMO after , Direct operation Corresponding branch project . Then browser access interface .
http://localhost:8082/oauth2/authorization/gitee Experience . lock ： Small fat man of minong The mechanism will be analyzed in detail later .
Official account ：Felordcn Get more information