Spring Boot整合Spring Authorization Server——客户端、设备码、PKCE模式
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
/**
 * Declares the OAuth 2.0 client registrations known to the authorization server.
 *
 * <p>A single confidential client is registered and kept in an
 * {@link InMemoryRegisteredClientRepository}, so the registration exists only for the
 * lifetime of the application context.
 *
 * <p>NOTE(review): the import list printed with this listing does not include
 * {@code Bean}, {@code UUID}, {@code ClientAuthenticationMethod},
 * {@code AuthorizationGrantType}, {@code OidcScopes} or {@code ClientSettings};
 * they have to be imported for this class to compile.
 */
@Configuration
public class RegisteredClientConfiguration {

    /**
     * Builds the repository holding the one demo client.
     *
     * <p>The client authenticates with {@code client_secret_basic}, may use the
     * authorization-code and refresh-token grants, may request the {@code openid},
     * {@code email} and {@code profile} scopes, and always goes through the consent step.
     *
     * @return an in-memory repository containing the registered client
     */
    @Bean
    public RegisteredClientRepository registeredClientRepository() {
        // Internal primary key of the registration (not the client_id); a new random
        // value is generated every time this bean method runs.
        String registrationId = UUID.randomUUID().toString();

        // Consent is required on authorization. requireProofKey is not set here, so
        // PKCE is not enforced for this client by this configuration.
        ClientSettings consentSettings = ClientSettings.builder()
                .requireAuthorizationConsent(true)
                .build();

        RegisteredClient.Builder client = RegisteredClient.withId(registrationId);

        // Credentials are string literals in source: acceptable for a demo only.
        // NOTE(review): whether a bare literal secret verifies at runtime depends on the
        // PasswordEncoder the application configures, which this listing does not show;
        // in a real deployment load the secret from external configuration and store it
        // in encoded form.
        client.clientId("client-id");
        client.clientSecret("client-secret");
        client.clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC);

        client.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE);
        client.authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN);

        // Plain-http loopback redirect, i.e. a client running on the same machine.
        // Any non-local deployment should register an https redirect URI instead.
        client.redirectUri("http://127.0.0.1:8080/login/oauth2/code/custom-client");

        client.scope(OidcScopes.OPENID);
        client.scope("email");
        client.scope("profile");

        client.clientSettings(consentSettings);

        RegisteredClient demoClient = client.build();
        return new InMemoryRegisteredClientRepository(demoClient);
    }
}
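这段代码定义了一个 RegisteredClientConfiguration 配置类,它创建了一个内存中的 RegisteredClientRepository,并注册了一个新的客户端。该客户端使用 client_secret_basic(HTTP Basic)方式进行客户端认证,支持授权码流程和刷新令牌;同时声明了客户端可以请求的作用域(openid、email、profile)和重定向URI,并要求用户在授权时进行确认(requireAuthorizationConsent)。这个配置类可以作为Spring Security OAuth2 Authorization Server配置的一部分,帮助示例应用程序正确地管理客户端和授权信息。需要注意,示例中的客户端密钥以明文硬编码在代码里,注册信息也只保存在内存中,仅适合演示;实际部署时应从外部配置或密钥管理服务加载密钥,并使用持久化的 RegisteredClientRepository。另外,这段配置并未设置 requireProofKey,因此不会强制该客户端使用 PKCE。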