OIDC-code to token

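OpenID Connect offers several ways to obtain a token, including:

  1. Obtain the token directly with grant_type="password"

  2. Exchange a code for the token with grant_type="authorization_code"

This article walks through how to obtain an authorization_code and how to exchange that code for a token.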

   1. Request the login page with response_type=code

http://<auth-server-address>/auth/realms/test/protocol/openid-connect/auth?client_id=test-client&redirect_uri=http://localhost:8100&response_type=code&scope=openid

  2. Enter the username and password on the login page that is returned

  3. Read the code from the redirect that follows

  

http://localhost:8100?session_state=8c83f4fa-b5c1-42a5-ba22-8dda1956fe09
&code=eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..xVo-RktV2MzizPIoGoFn4g.Vd_6woVSvpJGU5xMKEAZAELWGMrnUIO_6PR7Divi10J8mq2c-i5mklFpzpbCTvHDjjbyV2uE9ESeaNIYceb25RRncJ0o-WVu92faf4wX8vqqL27yoeE6H5E_grHidq4fwkVUrVvZSxcQm56W2wFm2K7c4QDZ04t7Oft--Rl6N3Epru3-4yheZR2OFtX8TUmk0o1nP7lyBKYZG83Onx2oLdj4jmQT_96O8SelelgCc6fYOYNnVTmrXBdCHgk1NyEc.GYxgjBR8zruBcPTgMJhz9g

  

  4. Exchange the code for a token

POST request URL:
http://<auth-server-address>/auth/realms/test/protocol/openid-connect/token

Request parameters:
grant_type=authorization_code
code=<the code obtained in the previous step>
client_id=test-client
redirect_uri=http://localhost:8100

Response:
{
    "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJDN185LTBUN18yaGxnTWxybzJYSzJSMWw0ZzRaUGxsNkhncEM3RXJlYXdjIn0.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.YE88uRCfjQekbczvRZUbLwKyQHt6MxzOhjYVXWOA-AjsrIo9NURqqfUrgxFEIKXOwkIn0DoZpNSW1Qlm9vGTwl-K54zxWZ5-mvP40g70IshtDFS0gwMtyK6H7CRb4fANwq-N5-TLkPXIlg3wf0CFhihWh4C96hqIKXTp7hR2rCw51Ksdt0GEYOWm8JHyzfaFsuga_3riDzwOQr3V08kJ4fiDw4JPHsIUsFdbKnqtGk8YxgPwMbZxM6DFjCpNdE4JlzTW2SsPiTan_eAL2pK2jw3RB8UJhY726RHAtRDNDPU1YjLgdzbQ3Z5mxX1-XMpJOduD3dkpOmxf91qmSVVF-w",
    "expires_in": 3600,
    "refresh_expires_in": 1800,
    "refresh_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJDN185LTBUN18yaGxnTWxybzJYSzJSMWw0ZzRaUGxsNkhncEM3RXJlYXdjIn0.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.XFOHH-q7k2yyLukCvbXiF4jQhjXsXZW1Ut6obbC7U5a2pphN9Q5ne9Wj1sPhjR_vv6cNcl0ZotTVY88xeBoTbtGdamkLoukuSW6fbwSKl3MpV-Fd0Dws5_e9CaCP7CagTknqwqt7BgykA7nPLGonh7qmzf8XuEnUpCF3Qvlc5T9qMTTaZ3Tr2Na4A8lOcEzU1Yw6ylPYaBWaoe44fGzpMbkRhH499HvnIU-cWc2d3-VB5jrimAeR_4kCWGvaSgkuMvlkvmQPLcTXksLD_D1rshqLGTK_b2sxSgKmRDp0LLkblwBFhhJxV1Q6tPESTPStuGCt_GuIVLmkG4aY26rhvw",
    "token_type": "bearer",
    "id_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJDN185LTBUN18yaGxnTWxybzJYSzJSMWw0ZzRaUGxsNkhncEM3RXJlYXdjIn0.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.No8BTKOom7LdLIzbVFo0WzAxjx5fUmHYL1Yqt8dSHx5-dJmrogMMPFijii5v8EzsKr-43BPGOCITPrI9cvdPsmaQNW36qnpWs3cgqyK7UWngV62L9Ra2wTU3sjEkzDrdjMQpe26aJyMgDxnEcb3ld2aoQFMP8chAyYxc3V4B-7jO0aA0utA6EDP0rvzP4fT-6RQmiTkH3jW5Ie5NeMGQo9UTulUQDVCvUspuGNRrGqX_gQmmTUWymmo4pY71_kBC861jAbES0s8C0DJjs3nX4qVr9VxSFGUdoAC_EhE75cTVdwwOAxjn6LLHKlG2jgwR8r41K8fWY3VMbFBNSRJD4Q",
    "not-before-policy": 1535536386,
    "session_state": "c65ae866-e391-47c8-9660-55bfe4471fd7",
    "scope": "openid profile email"
}
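
The following Python example is added here and is not part of the original post. It builds the step 1 request with a `state` value and a PKCE `code_challenge` (both go beyond what the post shows; see RFC 6749 and RFC 7636), checks `state` on the redirect from step 3, and prepares the form body for step 4. `AUTH_SERVER`, the function names and the sample callback are assumptions.

```python
import base64, hashlib, secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Endpoint paths, client_id, redirect_uri and scope are the ones used on this page;
# AUTH_SERVER is a placeholder host (assumption).
AUTH_SERVER = "https://auth.example.invalid"
BASE = AUTH_SERVER + "/auth/realms/test/protocol/openid-connect"
CLIENT_ID = "test-client"
REDIRECT_URI = "http://localhost:8100"


def start_login():
    """Step 1: build the authorization URL and the per-login values to keep in the session."""
    state = secrets.token_urlsafe(16)      # binds the callback to this browser session
    verifier = secrets.token_urlsafe(48)   # PKCE code_verifier, 64 chars (43-128 allowed)
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    query = urlencode({
        "client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
        "response_type": "code", "scope": "openid",
        "state": state, "code_challenge": challenge, "code_challenge_method": "S256",
    })
    return BASE + "/auth?" + query, {"state": state, "code_verifier": verifier}


def token_request(callback_url, session):
    """Steps 3-4: validate the redirect, then return (url, form_body) for the token POST."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise ValueError("authorization server returned error: " + params["error"][0])
    returned_state = params.get("state", [""])[0]
    if not secrets.compare_digest(returned_state.encode(), session["state"].encode()):
        raise ValueError("state mismatch: callback does not belong to this login")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    body = urlencode({
        "grant_type": "authorization_code", "code": codes[0],
        "client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
        "code_verifier": session["code_verifier"],
    })
    return BASE + "/token", body


if __name__ == "__main__":
    url, session = start_login()
    # Constructed callback shaped like the redirect in step 3 (the code value is made up).
    callback = REDIRECT_URI + "?" + urlencode({"state": session["state"], "code": "sample-code"})
    print(url, token_request(callback, session), sep="\n")
```

The body returned by `token_request` is sent as `application/x-www-form-urlencoded` in the POST of step 4.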

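The steps above cover the flow for exchanging a code for a token. For reference, see: https://connect2id.com/learn/openid-connect

If you repost this article, please credit: http://cnblogs.com/cnxieyang

Original article: https://www.cnblogs.com/cnxieyang/p/9558521.html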