The "3 lines of code" here does not mean that you really only need to write 3 lines of code. It refers to a Spring Boot OAuth2 service I have written: you only need to modify 3 lines of database configuration to get a working Spring Boot OAuth2 service.
Project address: https://github.com/jeesun/oauthserver
oauthserver
Introduction
oauthserver is a complete standalone OAuth server based on Spring Boot OAuth2. Create the relevant data tables and modify the database connection information, and you have an OAuth server.
Supported relational databases:
Implemented functions:
Usage process
1. Create table
PostgreSQL
Please execute src/main/resources/schema-pg.sql to complete the creation of the data table and import the test data.
MySQL
Please execute src/main/resources/schema-mysql.sql to complete the creation of the data table and the import of test data.
2. Modify database connection information
The database connection information is configured in application.yml. The username and password items must be encrypted with jasypt and cannot be filled in as plain text. The encryption key is set by jasypt.encryptor.password. Use the UtilTests tool in the test directory to generate the encrypted strings.
PostgreSQL
# PostgreSQL connection information
driver-class-name: org.postgresql.Driver
url: jdbc:postgresql://127.0.0.1:5432/thymelte?useUnicode=true&characterEncoding=UTF-8
username: ENC(hTpbG9fq+7P3SntmXuNtDxbtWDqRuPV+)
password: ENC(abdq6LyOspryFQHCqzEMTxRozyJVjIA4)
MySQL
# MySQL connection information
driver-class-name: com.mysql.jdbc.Driver
url: jdbc:mysql://127.0.0.1:3306/test?useUnicode=true&characterEncoding=utf-8&useSSL=false
username: ENC(YiYjVwTulDGN//YaB3KbuA==)
password: ENC(9oaIJkFgGSDFaHH3OXY63RHWQ+amDmiJ)
3. Run
Now everything is ready. Run the project. If the program starts successfully, the configuration is correct.
4. Test
Test data was added to the tables when they were created. The values of the request parameters below are all test data and can be found in the data tables. Modify the corresponding values in the tables according to your requirements.
The oauth_client_details table already contains one row of test data. The values of the client_id and client_secret columns correspond to the username and password of the HTTP Basic authentication on the request. The access_token_validity and refresh_token_validity columns give the validity periods of the access_token and refresh_token, in seconds. The test values 7200 and 5184000 mean 2 hours and 2 months (60 days) respectively. These are relatively reasonable validity periods and can be used as a reference.
All token-related endpoints require HTTP Basic authentication.
1. Obtain access_token according to username and password
POST http://localhost:8182/oauth/token?grant_type=password&username=jeesun&password=1234567890c
Successful example:
{
    "access_token": "ca582cd1-be6c-4a5a-82ec-10af7a8e06eb",
    "token_type": "bearer",
    "refresh_token": "c24a6143-97c8-4642-88b9-d5c5b902b487",
    "expires_in": 3824,
    "scope": "read write trust"
}
Failure example (incorrect username or password)
{
    "error": "invalid_grant",
    "error_description": "Bad credentials"
}
2. Check access_token
GET http://localhost:8182/oauth/check_token?token=ca582cd1-be6c-4a5a-82ec-10af7a8e06eb
Successful Example
{
    "aud": [ "oauth2-resource" ],
    "exp": 1524507296,
    "user_name": "jeesun",
    "authorities": [ "ROLE_ADMIN", "ROLE_USER" ],
    "client_id": "clientIdPassword",
    "scope": [ "read", "write", "trust" ]
}
Failure example (access_token expired)
{
    "error": "invalid_token",
    "error_description": "Token was not recognized"
}
3. Obtain new access_token according to refresh_token
POST http://localhost:8182/oauth/token?grant_type=refresh_token&refresh_token=c24a6143-97c8-4642-88b9-d5c5b902b487
Successful Example
{
    "access_token": "690ecd7d-f2b7-4faa-ac45-5b7a319478e8",
    "token_type": "bearer",
    "refresh_token": "c24a6143-97c8-4642-88b9-d5c5b902b487",
    "expires_in": 7199,
    "scope": "read write trust"
}
App Practice Guide
After the app obtains the token information, it needs to save it together with the request time. Before sending the access_token, check whether it has expired. To reduce load on the backend, this check should be done locally in the app: by comparing the token's expires_in value (the remaining validity period) and the locally recorded request time with the current time, it is easy to determine whether the access_token has expired. If it has, obtain a new access_token with the refresh_token. Because the access_token is only valid for 2 hours, this check is necessary. The same goes for refresh_token.
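The local expiry check described above, as an added Python example that is not part of the oauthserver project. The names StoredToken, store_response, next_action and refresh_request and the 60-second margin are assumptions, and the refresh parameters are placed in the form body instead of the query string the page uses, so tokens stay out of URLs.

```python
import base64
from dataclasses import dataclass

TOKEN_URL = "http://localhost:8182/oauth/token"  # endpoint from the page
REFRESH_VALIDITY = 5184000  # refresh_token_validity from the page's test data (s)
SKEW = 60                   # assumed safety margin for latency and clock drift (s)

@dataclass
class StoredToken:
    access_token: str
    refresh_token: str
    expires_in: int          # remaining validity reported by the server (s)
    requested_at: float      # local time of the request that returned it
    refresh_seen_at: float   # local time this refresh_token was first received

def store_response(body, requested_at, previous=None):
    """Record a token response; an unchanged refresh_token keeps its first-seen time."""
    kept = previous is not None and previous.refresh_token == body["refresh_token"]
    return StoredToken(
        access_token=body["access_token"],
        refresh_token=body["refresh_token"],
        expires_in=int(body["expires_in"]),  # trust the response, not a fixed 7200
        requested_at=requested_at,
        refresh_seen_at=previous.refresh_seen_at if kept else requested_at,
    )

def next_action(tok, now):
    """Decide locally: 'use' the access_token, 'refresh' it, or 'login' again."""
    if now < tok.requested_at + tok.expires_in - SKEW:
        return "use"
    if now < tok.refresh_seen_at + REFRESH_VALIDITY - SKEW:
        return "refresh"
    return "login"

def refresh_request(tok, client_id, client_secret):
    """Build (without sending) the refresh call described in step 3."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return {
        "method": "POST", "url": TOKEN_URL,
        "headers": {"Authorization": f"Basic {basic}"},  # client_id:client_secret
        # Sent as form fields, not in the URL, so tokens stay out of access logs.
        "form": {"grant_type": "refresh_token", "refresh_token": tok.refresh_token},
    }

# Responses copied from the page; timestamps used with them are constructed.
LOGIN = {"access_token": "ca582cd1-be6c-4a5a-82ec-10af7a8e06eb",
         "refresh_token": "c24a6143-97c8-4642-88b9-d5c5b902b487", "expires_in": 3824}
REFRESHED = {"access_token": "690ecd7d-f2b7-4faa-ac45-5b7a319478e8",
             "refresh_token": "c24a6143-97c8-4642-88b9-d5c5b902b487", "expires_in": 7199}
```

The local result is only an estimate: the server can still reject a token, in which case the app falls back to the next step (refresh, then login).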