CREATE DATABASE IF NOT EXISTS oauth2_server DEFAULT CHARSET utf8 COLLATE utf8_general_ci;
create user 'oauth2_server'@'localhost' identified by 'password_dev';
grant all privileges on oauth2_server.* to 'oauth2_server'@'localhost';
使用Java工具包中的keytool制作证书jwt.jks,重要参数:设置别名为【jwt】,有效天数为【1000】,密码为【keypass】,替换位置src/main/resources/jwt.jks
keytool -genkey -alias jwt -keyalg RSA -keysize 2048 -keystore /your/path/to/jwt.jks -validity 1000
Get /.well-known/openid-configuration
authorization_code, refresh_token
1. Get /oauth2/authorize?client_id=SampleClientId&response_type=code&redirect_uri=http://client.sso.com/login/oauth2/code/sso-loginscope=openid profile
用户同意授权后服务端响应,浏览器重定向到:http://client.sso.com/login?code=1E37Xk,接收code,然后后端调用步骤2获取token
2. Post /oauth/token?client_id=SampleClientId&client_secret=tgb.258&grant_type=authorization_code&redirect_uri=http://client.sso.com/login/oauth2/code/sso-login&code=1E37Xk
响应:
{
"access_token": "a.b.c",
"refresh_token": "d.e.f",
"scope": "openid profile",
"id_token": "h.i.j",
"token_type": "Bearer",
"expires_in": 7199
}
Get /user/me?access_token=a.b.c
或者http header中加入Authorization,如下
Authorization: Bearer a.b.c
Post /oauth2/token?client_id=SampleClientId&client_secret=tgb.258&grant_type=refresh_token&refresh_token=d.e.f
1、获取验证码序号
Get /captcha/graph
响应:
{
"graphUrl": "/captcha/graph/print?graphId=32a41c71-d74a-4aa6-b73c-af3627e82485",
"graphId": "32a41c71-d74a-4aa6-b73c-af3627e82485",
"ttl": 300,
"status": 1
}
2、显示验证码
Get /captcha/graph/print?graphId=a32a41c71-d74a-4aa6-b73c-af3627e82485
响应:
图片流
3、调用注册接口
Post /signUp?username=lisi&password=yourpass0!&graphId=a32a41c71-d74a-4aa6-b73c-af3627e82485&verificationCode=1324
响应:
{
"status": 1,
"timestamp": 1561729652797
}
java -jar oauth2-server-x.y.z.jar
或者指定配置文件覆盖默认配置
java -jar oauth2-server-x.y.z.jar --spring.config.additional-location=/path/to/override.properties
