OAuth 2.0 客户端

DeepSeek V3 中英对照 OAuth2 Client OAuth 2.0 Client

OAuth 2.0 客户端特性为 OAuth 2.0 授权框架 中定义的客户端角色提供支持。

从高层次来看，核心功能主要包括：

授权授予支持

• 授权码

• 刷新令牌

• 客户端凭证

• JWT Bearer

• 令牌交换

客户端身份验证支持

• JWT Bearer

HTTP 客户端支持

• 适用于响应式环境的 WebClient 集成（用于请求受保护资源）

ServerHttpSecurity.oauth2Client() DSL 为定制 OAuth 2.0 客户端使用的核心组件提供了多种配置选项。

以下代码展示了 ServerHttpSecurity.oauth2Client() DSL 提供的完整配置选项：

Java

@Configuration
@EnableWebFluxSecurity
public class OAuth2ClientSecurityConfig {

	@Bean
	public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
		http
			.oauth2Client((oauth2) -> oauth2
				.clientRegistrationRepository(this.clientRegistrationRepository())
				.authorizedClientRepository(this.authorizedClientRepository())
				.authorizationRequestRepository(this.authorizationRequestRepository())
				.authorizationRequestResolver(this.authorizationRequestResolver())
				.authenticationConverter(this.authenticationConverter())
				.authenticationManager(this.authenticationManager())
			);

		return http.build();
	}
}

Kotlin

@Configuration
@EnableWebFluxSecurity
class OAuth2ClientSecurityConfig {

    @Bean
    fun securityFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain {
        http {
            oauth2Client {
                clientRegistrationRepository = clientRegistrationRepository()
                authorizedClientRepository = authorizedClientRepository()
                authorizationRequestRepository = authorizedRequestRepository()
                authorizationRequestResolver = authorizationRequestResolver()
                authenticationConverter = authenticationConverter()
                authenticationManager = authenticationManager()
            }
        }

        return http.build()
    }
}

ReactiveOAuth2AuthorizedClientManager 负责与一个或多个 ReactiveOAuth2AuthorizedClientProvider 协作，管理 OAuth 2.0 客户端的授权（或重新授权）。

以下代码展示了如何注册一个 ReactiveOAuth2AuthorizedClientManager @Bean，并将其与一个 ReactiveOAuth2AuthorizedClientProvider 组合关联，该组合提供了对 authorization_code、refresh_token 和 client_credentials 授权类型的支持：

Java

@Bean
public ReactiveOAuth2AuthorizedClientManager authorizedClientManager(
		ReactiveClientRegistrationRepository clientRegistrationRepository,
		ServerOAuth2AuthorizedClientRepository authorizedClientRepository) {

	ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider =
			ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
					.authorizationCode()
					.refreshToken()
					.clientCredentials()
					.build();

	DefaultReactiveOAuth2AuthorizedClientManager authorizedClientManager =
			new DefaultReactiveOAuth2AuthorizedClientManager(
					clientRegistrationRepository, authorizedClientRepository);
	authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);

	return authorizedClientManager;
}

Kotlin

@Bean
fun authorizedClientManager(
        clientRegistrationRepository: ReactiveClientRegistrationRepository,
        authorizedClientRepository: ServerOAuth2AuthorizedClientRepository): ReactiveOAuth2AuthorizedClientManager {
    val authorizedClientProvider: ReactiveOAuth2AuthorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
            .authorizationCode()
            .refreshToken()
            .clientCredentials()
            .build()
    val authorizedClientManager = DefaultReactiveOAuth2AuthorizedClientManager(
            clientRegistrationRepository, authorizedClientRepository)
    authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider)
    return authorizedClientManager
}

章节总结

📄️ 核心接口与类

ClientRegistration 是向 OAuth 2.0 或 OpenID Connect 1.0 提供商注册的客户端的表示形式。

📄️ OAuth2 授权许可

本节介绍 Spring Security 对授权许可的支持。

📄️ OAuth2 客户端认证

客户端通过HTTP Basic进行身份验证是开箱即用的，无需任何定制即可启用。默认实现由DefaultOAuth2TokenRequestHeadersConverter提供。

📄️ OAuth2 授权客户端

本节涵盖了 Spring Security 为 OAuth2 客户端提供的附加功能。