1. 基于密码认证的两种调用方式

POST http://localhost:8081/isung-oauth-server/oauth/token
headers: 
	Content-Type: multipart/form-data;
params:{
"username":"xxx"
,"password":"xxx"
,"client_id":""
,"client_secret":""
,"grant_type"
}

http://localhost:8081/isung-oauth-server/oauth/token?grant_type=password&username=admin&password=123456&client_id=isung&client_secret=123456

返回值:
{
    "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySW5mbyI6ImFkbWluIiwidXNlcl9uYW1lIjoiYWRtaW4iLCJzY29wZSI6WyJhbGwiXSwiZXhwIjoxNjQ5ODE1Mzk0LCJhdXRob3JpdGllcyI6WyJOT05FIl0sImp0aSI6Ijg0NDVjMGNiLTRiZGUtNDJhNC05M2FlLTQ1N2UwYTljYmIxNSIsImNsaWVudF9pZCI6ImlzdW5nIn0.BILkb9Zl17bA-LEcF-KfwLhOV6tfMzyPJ4X6ML5neOA",
    "token_type": "bearer",
    "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySW5mbyI6ImFkbWluIiwidXNlcl9uYW1lIjoiYWRtaW4iLCJzY29wZSI6WyJhbGwiXSwiYXRpIjoiODQ0NWMwY2ItNGJkZS00MmE0LTkzYWUtNDU3ZTBhOWNiYjE1IiwiZXhwIjoxNjQ5ODMxNTk0LCJhdXRob3JpdGllcyI6WyJOT05FIl0sImp0aSI6IjEwYjE1ZTdhLTMxZjAtNDIxZC1hZmU1LWJiZDc2YmY4YWFhMyIsImNsaWVudF9pZCI6ImlzdW5nIn0.fQgiXxWeIM2rPG7DOq97O9uUIxciT0MI-aKBDV4uDUs",
    "expires_in": 1799,
    "scope": "all",
    "userInfo": "admin",
    "jti": "8445c0cb-4bde-42a4-93ae-457e0a9cbb15"
}

2. 基于一次性认证码认证

http://localhost:8081/isung-oauth-server/oauth/authorize?response_type=code&client_id=isung&scope=all&redirect_uri=http://www.baidu.com

GET http://localhost:8081/isung-oauth-server/oauth/token?grant_type=authorization_code&code=0vtGYN&client_id=isung&client_secret=isung2022&redirect_uri=http://www.baidu.com&scope=all

3. 校验 token

需要配置 AuthorizationServerSecurityConfigurer
.tokenKeyAccess("permitAll()")
.checkTokenAccess("permitAll()")
.allowFormAuthenticationForClients();

permitAll(): 表示不需要认证客户端就可以调用

http://localhost:8080/isung-order-api/oauth/check_token?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySW5mbyI6ImFkbWluIiwidXNlcl9uYW1lIjoiYWRtaW4iLCJzY29wZSI6WyJhbGwiXSwiZXhwIjoxNjQ5ODM0MDE4LCJhdXRob3JpdGllcyI6WyJOT05FIl0sImp0aSI6IjQ3M2UyMjZkLTdjYjMtNDEwZS1iMzNkLTQyN2VlNjlmNjBkNiIsImNsaWVudF9pZCI6ImlzdW5nIn0.S-1ro6houoPnM_cg9gF951X73Nr0A_bdjZZ0qY7pQHs

3. 核心配置类AuthorizationServerEndpointsConfiguration | FilterChainProxy

springsecurityfilter.png