Adding GET request support for obtaining an OAuth2 token

OAuth2 clients obtain a token through the /oauth/token endpoint. The following is the token-related code from the OAuth2 source (the TokenEndpoint class). Only POST is stored in allowedRequestMethods, so only POST requests are supported by default.
But what if we need to access it through GET or other request methods? For example, when nginx performs a domain name redirection, the POST request is changed to a GET request by default. At that point, /oauth/token cannot issue the token.

    // Only POST is allowed by default.
    private Set<HttpMethod> allowedRequestMethods = new HashSet<HttpMethod>(Arrays.asList(HttpMethod.POST));

    // GET is mapped, but rejected unless GET has been added to allowedRequestMethods.
    @RequestMapping(value = "/oauth/token", method=RequestMethod.GET)
    public ResponseEntity<OAuth2AccessToken> getAccessToken(Principal principal,
            @RequestParam Map<String, String> parameters) throws HttpRequestMethodNotSupportedException {
        if (!allowedRequestMethods.contains(HttpMethod.GET)) {
            throw new HttpRequestMethodNotSupportedException("GET");
        }
        // An allowed GET is handled exactly like a POST.
        return postAccessToken(principal, parameters);
    }

    @RequestMapping(value = "/oauth/token", method=RequestMethod.POST)
    public ResponseEntity<OAuth2AccessToken> postAccessToken(Principal principal,
            @RequestParam Map<String, String> parameters) throws HttpRequestMethodNotSupportedException {
        // ... (method body not shown in this excerpt)
    }

Given this requirement, the first choice would be to add the GET method to allowedRequestMethods by modifying the configuration file, but that approach is not implemented. Instead, the following configuration class updates the setting.

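import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.annotation.PostConstruct;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.oauth2.provider.endpoint.TokenEndpoint;

// Replaces the token endpoint's allowed HTTP methods once the bean is created.
@Configuration
public class AllowedMethodConfig {
    @Autowired
    private TokenEndpoint tokenEndpoint;

    @PostConstruct
    public void reconfigure() {
        // Allow both GET and POST on /oauth/token.
        Set<HttpMethod> allowedMethods =
            new HashSet<>(Arrays.asList(HttpMethod.GET, HttpMethod.POST));
        tokenEndpoint.setAllowedRequestMethods(allowedMethods);
    }
}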

Add the class above, and once the application has restarted you can obtain the token with a GET request to /oauth/token.
That is all. If you have any questions or suggestions, please point them out.
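
For the nginx redirect case described at the start, an alternative is to leave /oauth/token POST-only and have nginx answer with 307 or 308, which tell the client to repeat the request with its original method and body. The following is an added example, not configuration from the original article; the host names old.example.com and auth.example.com are placeholders.

```nginx
# Constructed example: host names are placeholders, not values from the article.

# Before: a 301 (or 302) answer lets the client repeat the request as GET,
# so a POST to /oauth/token arrives at the new host as GET and is refused.
#
# server {
#     listen 80;
#     server_name old.example.com;
#     return 301 $scheme://auth.example.com$request_uri;
# }

# After: 308 (permanent) or 307 (temporary) requires the client to resend
# the request with the same method and body, so the POST stays a POST.
server {
    listen 80;
    server_name old.example.com;

    # Token requests: preserve the method across the redirect.
    location = /oauth/token {
        return 308 $scheme://auth.example.com$request_uri;
    }

    # Everything else can keep the ordinary permanent redirect.
    location / {
        return 301 $scheme://auth.example.com$request_uri;
    }
}
```

With the method preserved, the grant parameters stay in the POST body; sent as a GET they become part of the URL, which nginx's default access log format records.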
