目录
- 前言
- 1. 基本知识
- 2. Demo
- 3. 实战
前言
公共接口,定义了对第三方平台进行授权、登录、撤销授权和刷新 token 的操作
1. 基本知识
先看源码基本API接口:
import me.zhyd.oauth.enums.AuthResponseStatus;
import me.zhyd.oauth.exception.AuthException;
import me.zhyd.oauth.model.AuthCallback;
import me.zhyd.oauth.model.AuthResponse;
import me.zhyd.oauth.model.AuthToken;/*** JustAuth {@code Request}公共接口,所有平台的{@code Request}都需要实现该接口* <p>* {@link AuthRequest#authorize()}* {@link AuthRequest#authorize(String)}* {@link AuthRequest#login(AuthCallback)}* {@link AuthRequest#revoke(AuthToken)}* {@link AuthRequest#refresh(AuthToken)}** @author yadong.zhang (yadong.zhang0415(a)gmail.com)* @since 1.8*/
public interface AuthRequest {/*** 返回授权url,可自行跳转页面* <p>* 不建议使用该方式获取授权地址,不带{@code state}的授权地址,容易受到csrf攻击。* 建议使用{@link AuthDefaultRequest#authorize(String)}方法生成授权地址,在回调方法中对{@code state}进行校验** @return 返回授权地址*/@Deprecateddefault String authorize() {throw new AuthException(AuthResponseStatus.NOT_IMPLEMENTED);}/*** 返回带{@code state}参数的授权url,授权回调时会带上这个{@code state}** @param state state 验证授权流程的参数,可以防止csrf* @return 返回授权地址*/default String authorize(String state) {throw new AuthException(AuthResponseStatus.NOT_IMPLEMENTED);}/*** 第三方登录** @param authCallback 用于接收回调参数的实体* @return 返回登录成功后的用户信息*/default AuthResponse login(AuthCallback authCallback) {throw new AuthException(AuthResponseStatus.NOT_IMPLEMENTED);}/*** 撤销授权** @param authToken 登录成功后返回的Token信息* @return AuthResponse*/default AuthResponse revoke(AuthToken authToken) {throw new AuthException(AuthResponseStatus.NOT_IMPLEMENTED);}/*** 刷新access token (续期)** @param authToken 登录成功后返回的Token信息* @return AuthResponse*/default AuthResponse refresh(AuthToken authToken) {throw new AuthException(AuthResponseStatus.NOT_IMPLEMENTED);}
}
大致方法如下:
authorize():返回授权 URL,但已被标记为过时 (@Deprecated)。不建议使用此方法获取授权地址,因为不带 state 的授权地址容易受到 CSRF 攻击authorize(String state):返回带 state 参数的授权 URL,授权回调时会带上这个 state,用于验证授权流程的参数,防止 CSRF 攻击login(AuthCallback authCallback):第三方登录方法,用于接收回调参数的实体,并返回登录成功后的用户信息revoke(AuthToken authToken):撤销授权方法,用于撤销登录成功后返回的 Token 信息refresh(AuthToken authToken):刷新 Access Token 方法,用于续期登录成功后返回的 Token 信息
2. Demo
根据上述接口,简单测试下接口功能:
制造一个第三方的类:
package com.example.test;import me.zhyd.oauth.model.AuthCallback;
import me.zhyd.oauth.model.AuthResponse;
import me.zhyd.oauth.model.AuthToken;
import me.zhyd.oauth.request.AuthRequest;public class GitHubAuthProvider implements AuthRequest {@Overridepublic String authorize(String state) {// 返回 GitHub 授权 URL,并将 state 参数添加到 URL 中return "https://github.com/login/oauth/authorize?client_id=YOUR_CLIENT_ID&redirect_uri=YOUR_REDIRECT_URI&state=" + state;}@Overridepublic AuthResponse login(AuthCallback authCallback) {// 模拟 GitHub 登录成功后返回的用户信息return new AuthResponse(200, "Success", "GitHubUser,github@example.com");}@Overridepublic AuthResponse revoke(AuthToken authToken) {// 撤销授权的具体实现return new AuthResponse(200, "Success", "Authorization revoked successfully");}@Overridepublic AuthResponse refresh(AuthToken authToken) {// 刷新 Access Token 的具体实现return new AuthResponse(200, "Success", "Access Token refreshed successfully");}
}
对应的接口测试类如下:
import me.zhyd.oauth.model.AuthCallback;
import me.zhyd.oauth.model.AuthResponse;
import me.zhyd.oauth.model.AuthToken;
import me.zhyd.oauth.request.AuthRequest;public class test {public static void main(String[] args) {// 创建一个第三方平台的具体实现对象AuthRequest authRequest = new GitHubAuthProvider();// 获取授权 URL,传入 state 参数String authorizeUrl = authRequest.authorize("random_state_parameter");System.out.println("Authorize URL: " + authorizeUrl);// 模拟第三方登录操作,传入 AuthCallback 实体AuthResponse authResponse = authRequest.login(new AuthCallback());System.out.println("Login response: " + authResponse);// 模拟撤销授权操作,传入登录成功后返回的 Token 信息AuthToken authToken = new AuthToken();AuthResponse revokeResponse = authRequest.revoke(authToken);System.out.println("Revoke response: " + revokeResponse);// 模拟刷新 Access Token 操作,传入登录成功后返回的 Token 信息AuthResponse refreshResponse = authRequest.refresh(authToken);System.out.println("Refresh response: " + refreshResponse);}
}
截图如下:(默认的 toString() 方法返回的对象字符串表示形式)
3. 实战
上述Demo只是一个简易版
在实战中应对各个不同的应用,可以写个模板类
import java.util.Objects;
import me.zhyd.oauth.config.AuthConfig;
import me.zhyd.oauth.config.AuthDefaultSource;
import me.zhyd.oauth.exception.AuthException;
import me.zhyd.oauth.request.AuthAlipayRequest;
import me.zhyd.oauth.request.AuthBaiduRequest;
import me.zhyd.oauth.request.AuthCodingRequest;
import me.zhyd.oauth.request.AuthCsdnRequest;
import me.zhyd.oauth.request.AuthDingTalkRequest;
import me.zhyd.oauth.request.AuthDouyinRequest;
import me.zhyd.oauth.request.AuthElemeRequest;
import me.zhyd.oauth.request.AuthFacebookRequest;
import me.zhyd.oauth.request.AuthGiteeRequest;
import me.zhyd.oauth.request.AuthGithubRequest;
import me.zhyd.oauth.request.AuthGitlabRequest;
import me.zhyd.oauth.request.AuthGoogleRequest;
import me.zhyd.oauth.request.AuthHuaweiRequest;
import me.zhyd.oauth.request.AuthKujialeRequest;
import me.zhyd.oauth.request.AuthLinkedinRequest;
import me.zhyd.oauth.request.AuthMeituanRequest;
import me.zhyd.oauth.request.AuthMiRequest;
import me.zhyd.oauth.request.AuthMicrosoftRequest;
import me.zhyd.oauth.request.AuthOschinaRequest;
import me.zhyd.oauth.request.AuthPinterestRequest;
import me.zhyd.oauth.request.AuthQqRequest;
import me.zhyd.oauth.request.AuthRenrenRequest;
import me.zhyd.oauth.request.AuthRequest;
import me.zhyd.oauth.request.AuthStackOverflowRequest;
import me.zhyd.oauth.request.AuthTaobaoRequest;
import me.zhyd.oauth.request.AuthTeambitionRequest;
import me.zhyd.oauth.request.AuthToutiaoRequest;
import me.zhyd.oauth.request.AuthTwitterRequest;
import me.zhyd.oauth.request.AuthWeChatEnterpriseRequest;
import me.zhyd.oauth.request.AuthWeChatMpRequest;
import me.zhyd.oauth.request.AuthWeChatOpenRequest;
import me.zhyd.oauth.request.AuthWeiboRequest;
import org.springblade.core.social.props.SocialProperties;public class SocialUtil {public SocialUtil() {}public static AuthRequest getAuthRequest(String source, SocialProperties socialProperties) {AuthDefaultSource authSource = (AuthDefaultSource)Objects.requireNonNull(AuthDefaultSource.valueOf(source.toUpperCase()));AuthConfig authConfig = (AuthConfig)socialProperties.getOauth().get(authSource);if (authConfig == null) {throw new AuthException("未获取到有效的Auth配置");} else {AuthRequest authRequest = null;switch (authSource) {case GITHUB:authRequest = new AuthGithubRequest(authConfig);break;case GITEE:authRequest = new AuthGiteeRequest(authConfig);break;case OSCHINA:authRequest = new AuthOschinaRequest(authConfig);break;case QQ:authRequest = new AuthQqRequest(authConfig);break;case WECHAT_OPEN:authRequest = new AuthWeChatOpenRequest(authConfig);break;case WECHAT_ENTERPRISE:authRequest = new AuthWeChatEnterpriseRequest(authConfig);break;case WECHAT_MP:authRequest = new AuthWeChatMpRequest(authConfig);break;case DINGTALK:authRequest = new AuthDingTalkRequest(authConfig);break;case ALIPAY:authRequest = new AuthAlipayRequest(authConfig);break;case BAIDU:authRequest = new AuthBaiduRequest(authConfig);break;case WEIBO:authRequest = new AuthWeiboRequest(authConfig);break;case CODING:authRequest = new AuthCodingRequest(authConfig);break;case CSDN:authRequest = new AuthCsdnRequest(authConfig);break;case TAOBAO:authRequest = new AuthTaobaoRequest(authConfig);break;case GOOGLE:authRequest = new AuthGoogleRequest(authConfig);break;case FACEBOOK:authRequest = new AuthFacebookRequest(authConfig);break;case DOUYIN:authRequest = new AuthDouyinRequest(authConfig);break;case LINKEDIN:authRequest = new AuthLinkedinRequest(authConfig);break;case MICROSOFT:authRequest = new AuthMicrosoftRequest(authConfig);break;case MI:authRequest = new AuthMiRequest(authConfig);break;case TOUTIAO:authRequest = new AuthToutiaoRequest(authConfig);break;case TEAMBITION:authRequest = new AuthTeambitionRequest(authConfig);break;case PINTEREST:authRequest = new AuthPinterestRequest(authConfig);break;case RENREN:authRequest = new AuthRenrenRequest(authConfig);break;case STACK_OVERFLOW:authRequest = new AuthStackOverflowRequest(authConfig);break;case HUAWEI:authRequest = new AuthHuaweiRequest(authConfig);break;case KUJIALE:authRequest = new AuthKujialeRequest(authConfig);break;case GITLAB:authRequest = new AuthGitlabRequest(authConfig);break;case MEITUAN:authRequest = new AuthMeituanRequest(authConfig);break;case ELEME:authRequest = new AuthElemeRequest(authConfig);break;case TWITTER:authRequest = new AuthTwitterRequest(authConfig);}if (null == authRequest) {throw new AuthException("未获取到有效的Auth配置");} else {return (AuthRequest)authRequest;}}}
}
类似的Github第三方平台如下:(以下类为API自带的)
import com.alibaba.fastjson.JSONObject;
import me.zhyd.oauth.cache.AuthStateCache;
import me.zhyd.oauth.config.AuthConfig;
import me.zhyd.oauth.config.AuthDefaultSource;
import me.zhyd.oauth.enums.AuthUserGender;
import me.zhyd.oauth.exception.AuthException;
import me.zhyd.oauth.model.AuthCallback;
import me.zhyd.oauth.model.AuthToken;
import me.zhyd.oauth.model.AuthUser;
import me.zhyd.oauth.utils.GlobalAuthUtils;import java.util.Map;/*** Github登录** @author yadong.zhang (yadong.zhang0415(a)gmail.com)* @since 1.0.0*/
public class AuthGithubRequest extends AuthDefaultRequest {public AuthGithubRequest(AuthConfig config) {super(config, AuthDefaultSource.GITHUB);}public AuthGithubRequest(AuthConfig config, AuthStateCache authStateCache) {super(config, AuthDefaultSource.GITHUB, authStateCache);}@Overrideprotected AuthToken getAccessToken(AuthCallback authCallback) {String response = doPostAuthorizationCode(authCallback.getCode());Map<String, String> res = GlobalAuthUtils.parseStringToMap(response);this.checkResponse(res.containsKey("error"), res.get("error_description"));return AuthToken.builder().accessToken(res.get("access_token")).scope(res.get("scope")).tokenType(res.get("token_type")).build();}@Overrideprotected AuthUser getUserInfo(AuthToken authToken) {String response = doGetUserInfo(authToken);JSONObject object = JSONObject.parseObject(response);this.checkResponse(object.containsKey("error"), object.getString("error_description"));return AuthUser.builder().rawUserInfo(object).uuid(object.getString("id")).username(object.getString("login")).avatar(object.getString("avatar_url")).blog(object.getString("blog")).nickname(object.getString("name")).company(object.getString("company")).location(object.getString("location")).email(object.getString("email")).remark(object.getString("bio")).gender(AuthUserGender.UNKNOWN).token(authToken).source(source.toString()).build();}private void checkResponse(boolean error, String error_description) {if (error) {throw new AuthException(error_description);}}}
后续在使用过程的代码如下:
@NonDS
@Slf4j
@RestController
@AllArgsConstructor
@ConditionalOnProperty(value = "social.enabled", havingValue = "true")
public class BladeSocialEndpoint {private final SocialProperties socialProperties;/*** 授权完毕跳转*/@RequestMapping("/oauth/render/{source}")public void renderAuth(@PathVariable("source") String source, HttpServletResponse response) throws IOException {AuthRequest authRequest = SocialUtil.getAuthRequest(source, socialProperties);String authorizeUrl = authRequest.authorize(AuthStateUtils.createState());response.sendRedirect(authorizeUrl);}/*** 获取认证信息*/@RequestMapping("/oauth/callback/{source}")public Object login(@PathVariable("source") String source, AuthCallback callback) {AuthRequest authRequest = SocialUtil.getAuthRequest(source, socialProperties);return authRequest.login(callback);}/*** 撤销授权*/@RequestMapping("/oauth/revoke/{source}/{token}")public Object revokeAuth(@PathVariable("source") String source, @PathVariable("token") String token) {AuthRequest authRequest = SocialUtil.getAuthRequest(source, socialProperties);return authRequest.revoke(AuthToken.builder().accessToken(token).build());}/*** 续期令牌*/@RequestMapping("/oauth/refresh/{source}")public Object refreshAuth(@PathVariable("source") String source, String token) {AuthRequest authRequest = SocialUtil.getAuthRequest(source, socialProperties);return authRequest.refresh(AuthToken.builder().refreshToken(token).build());}}
)
)
。Javaee项目,springboot项目。)
