Tuesday, January 3, 2023

Spring Security SecurityWebFilterChain Class - New Component-Based Approach for WebFlux

oauth2Login method
We include the following lines
implementation("org.springframework.boot:spring-boot-starter-oauth2-client:2.7.2")
implementation("org.springframework.boot:spring-boot-starter-webflux:2.7.2")
The explanation is as follows
PKCE (pronounced “pixy”) stands for “Proof Key for Code Exchange.” It is a security mechanism that is used to protect authorization code grants when used with OAuth 2.0 and OpenID Connect.

When an application wants to access a user’s resources on a resource server (such as an API), the application must first obtain an authorization code from the authorization server. This authorization code can then be exchanged for an access token, which allows the application to access the user’s resources.

However, this process can be vulnerable to attacks if the authorization code is intercepted by an attacker. PKCE was introduced to protect against this type of attack by requiring the application to include additional information, called a “code verifier,” when requesting the authorization code. The authorization server includes this code verifier when issuing the authorization code, and the application must provide it again when exchanging the authorization code for an access token. This ensures that the application is the one that initiated the request, rather than an attacker who may have intercepted the authorization code.

PKCE is particularly important when an application is using the authorization code grant type in a native application, as it is more vulnerable to code interception attacks.

PKCE will be mandatory with the authorization code flow in OAuth 2.1.

Until recently, developers had to implement bespoke components in their Spring app to get around this limitation. Fortunately, Spring Security 5.7 natively supports PKCE.

By default it’s deactivated as there are still some authorisation servers which don’t support PKCE. We’ll see below how to enable this feature.

Example
We do it like this
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestCustomizers;
import org.springframework.security.oauth2.client.web.server.DefaultServerOAuth2AuthorizationRequestResolver;
import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizationRequestResolver;
import org.springframework.security.web.server.SecurityWebFilterChain;

@Configuration
public class PkceSecurityConfig {

  @Bean
  public SecurityWebFilterChain pkceFilterChain(
    ServerHttpSecurity http,
    ServerOAuth2AuthorizationRequestResolver pkceResolver) {

    // Every exchange requires an authenticated user
    http.authorizeExchange(r -> r.anyExchange().authenticated());
    // Route oauth2Login's authorization requests through the PKCE-aware resolver
    http.oauth2Login(auth -> auth.authorizationRequestResolver(pkceResolver));
    return http.build();
  }

  @Bean
  public ServerOAuth2AuthorizationRequestResolver getPkceResolver(
    ReactiveClientRegistrationRepository reactiveRepo) {

    var pkceResolver = new DefaultServerOAuth2AuthorizationRequestResolver(reactiveRepo);
    // withPkce() adds code_challenge and code_challenge_method to each authorization request
    pkceResolver.setAuthorizationRequestCustomizer(OAuth2AuthorizationRequestCustomizers.withPkce());
    return pkceResolver;
  }
}
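To make concrete what withPkce() adds to the authorization request and what the quoted description calls the code-verifier check, here is an added Python illustration of the RFC 7636 round trip (not code from this post or from Spring Security): the client derives an S256 code_challenge from a private code_verifier, and the authorization server recomputes it at the token endpoint. The function names are this example's own, and the flow in simulate_code_exchange() is a constructed sample.

```python
import base64
import hashlib
import secrets
import string

# Characters RFC 7636 allows in a code_verifier (ALPHA / DIGIT / "-" / "." / "_" / "~")
UNRESERVED = string.ascii_letters + string.digits + "-._~"

def generate_code_verifier(length: int = 64) -> str:
    """Fresh random code_verifier (43..128 chars) that the client keeps to itself."""
    if not 43 <= length <= 128:
        raise ValueError("code_verifier must be 43-128 characters")
    return "".join(secrets.choice(UNRESERVED) for _ in range(length))

def code_challenge_s256(code_verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier))) without '=' padding."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def authorization_request_params(code_verifier: str) -> dict:
    """Parameters PKCE adds to the /authorize redirect; the verifier itself is not sent."""
    return {"code_challenge": code_challenge_s256(code_verifier),
            "code_challenge_method": "S256"}

def token_endpoint_check(stored_challenge: str, stored_method: str,
                         presented_verifier: str) -> bool:
    """Authorization-server side: recompute the challenge from the verifier presented
    with the authorization code and compare it (constant time) to the stored one."""
    if stored_method != "S256":
        return False  # 'plain' gives no interception protection; refuse it
    if not 43 <= len(presented_verifier) <= 128:
        return False
    if any(c not in UNRESERVED for c in presented_verifier):
        return False
    return secrets.compare_digest(code_challenge_s256(presented_verifier), stored_challenge)

def simulate_code_exchange() -> tuple:
    """Constructed flow: the real client redeems the code with its verifier and succeeds;
    a party holding only the authorization code must guess a verifier and is refused."""
    verifier = generate_code_verifier()
    params = authorization_request_params(verifier)  # stored by the server with the code
    legit = token_endpoint_check(params["code_challenge"], params["code_challenge_method"], verifier)
    guessed = generate_code_verifier()  # constructed stand-in for a wrong verifier
    refused = token_endpoint_check(params["code_challenge"], params["code_challenge_method"], guessed)
    return legit, refused
```

The first assertion below uses the RFC 7636 Appendix B test vector, so the derivation can be checked against the specification rather than against itself.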
