Spring Security oauth2 client - Twitter 的问题

我想将 Twitter oAuth2 添加到我的应用程序中。早些时候,我成功添加了Facebook和谷歌 - 我不必添加提供商。当我尝试将twitter数据添加到文件并运行服务器时,我得到错误:application.properties

Error starting Tomcat context. Exception: org.springframework.beans.factory.UnsatisfiedDependencyException. Message: Error creating bean with name 'securityConfig': Unsatisfied dependency expressed through method 'setContentNegotationStrategy' parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration$EnableWebMvcConfiguration': Unsatisfied dependency expressed through method 'setConfigurers' parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springframework.security.config.annotation.web.configuration.OAuth2ClientConfiguration$OAuth2ClientWebMvcSecurityConfiguration': Unsatisfied dependency expressed through method 'setClientRegistrationRepository' parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springframework.boot.autoconfigure.security.oauth2.client.servlet.OAuth2ClientRegistrationRepositoryConfiguration': Unsatisfied dependency expressed through constructor parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'spring.security.oauth2.client-org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties': Invocation of init method failed; nested exception is java.lang.IllegalStateException: Client id must not be empty.

这是我的配置:

spring.security.oauth2.client.registration.facebook.clientId=<SECRET>
spring.security.oauth2.client.registration.facebook.clientSecret=<SECRET>
spring.security.oauth2.client.registration.facebook.redirect-uri=http://localhost:8080/oauth2/callback/facebook
spring.security.oauth2.client.registration.facebook.scope=public_profile email


spring.security.oauth2.client.registration.twitter.clientId=<SECRET>
spring.security.oauth2.client.registration.twitter.clientSecret=<SECRET>
spring.security.oauth2.client.registration.twitter.redirect-uri=http://localhost:8080/oauth2/callback/twitter
spring.security.oauth2.client.registration.twitter.provider=twitter
spring.security.oauth2.client.registration.twitter.authorization-grant-type=token
spring.security.oauth2.client.provider.twitter.token-uri=https://api.twitter.com/oauth/token
spring.security.oauth2.client.provider.twitter.authorization-uri=https://api.twitter.com/oauth/authorize
spring.security.oauth2.client.provider.twitter.user-info-uri=https://api.twitter.com/oauth/request_token

我添加了客户端ID,所以哪里有问题。我希望我正确地将oauth url添加到配置中。

@Update 我发现问题:)错别字在这里:

spring.security.oauth2.client.registration.twiter.authorization-grant-type=token

@UPDATE现在我有另一个问题,这是我的配置:

spring.security.oauth2.client.registration.twitter.client-id=<SECRET>
spring.security.oauth2.client.registration.twitter.clientSecret=<SECRET>
spring.security.oauth2.client.registration.twitter.redirect-uri=http://localhost:8080/oauth2/callback/twitter
spring.security.oauth2.client.registration.twitter.authorization-grant-type=authorization_code
spring.security.oauth2.client.provider.twitter.token-uri=https://api.twitter.com/oauth/access_token
spring.security.oauth2.client.provider.twitter.authorization-uri=https://api.twitter.com/oauth/authorize

在我打电话后:http://127.0.0.1:8080/oauth2/authorization/twitter 我看到这个:enter image description here


答案 1
  • 您的问题是关于在Twitter上使用oauth2客户端的,这是不可能的。Twitter 不支持涉及用户的 Oauth 2.0 流程。

  • 它仅支持应用程序 OAuth 2.0 持有者令牌

    OAuth 2.0 持有者令牌是仅使用应用程序进行身份验证的身份验证方法,用于通过 Twitter API 进行身份验证。由于此方法特定于应用程序,因此不涉及任何用户

    https://developer.twitter.com/en/docs/basics/authentication/oauth-2-0

  • 对于涉及最终用户的流,它使用 Oauth 1.0a https://developer.twitter.com/en/docs/basics/authentication/oauth-1-0a

  • 如下图 Oauth 1.0a 流所示,应用程序首先需要与授权服务器通信以获取请求令牌,并在将用户重定向到授权服务器时传递该令牌。这是令牌,Twitter抱怨丢失了,因为它是Oauth 1.0a。即,您正在执行步骤 B 而不执行步骤 A。

    enter image description here

逻辑示意图参考

https://oauth.net/core/1.0/


答案 2

尝试将grant_type更改为client_credentials和/或将 oauth 令牌 URL 更改为 。https://api.twitter.com/oauth2/token

此外,您还可以通过以下一些网站通过Spring的社交提供商api与Twitter进行交互。

https://docs.spring.io/spring-social-twitter/docs/current/reference/htmlsingle/

https://developer.twitter.com/en/docs/basics/authentication/api-reference/token


推荐