From 54d29f0fb52e669d1436cb1305a1da7f5a01957d Mon Sep 17 00:00:00 2001 From: cuiguiyang Date: Tue, 9 Apr 2024 15:30:59 +0800 Subject: [PATCH] =?UTF-8?q?=E5=85=BC=E5=AE=B9=E8=AF=B7=E6=B1=82/oauth2/tok?= =?UTF-8?q?en=E6=8E=A5=E5=8F=A3=E6=97=B6Basic=E4=B8=AD=E6=90=BA=E5=B8=A6cl?= =?UTF-8?q?ientId=E5=92=8CclientSecret=E7=9A=84=E5=9C=BA=E6=99=AF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../satoken/oauth2/logic/SaOAuth2Handle.java | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/logic/SaOAuth2Handle.java b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/logic/SaOAuth2Handle.java index 59c13a5f..99403d0d 100644 --- a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/logic/SaOAuth2Handle.java +++ b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/logic/SaOAuth2Handle.java @@ -15,6 +15,7 @@ */ package cn.dev33.satoken.oauth2.logic; +import cn.dev33.satoken.basic.SaBasicUtil; import cn.dev33.satoken.context.SaHolder; import cn.dev33.satoken.context.model.SaRequest; import cn.dev33.satoken.context.model.SaResponse; @@ -32,6 +33,7 @@ import cn.dev33.satoken.oauth2.model.CodeModel; import cn.dev33.satoken.oauth2.model.RequestAuthModel; import cn.dev33.satoken.oauth2.model.SaClientModel; import cn.dev33.satoken.stp.StpUtil; +import cn.dev33.satoken.util.SaFoxUtil; import cn.dev33.satoken.util.SaResult; /** @@ -177,9 +179,20 @@ public class SaOAuth2Handle { */ public static Object token(SaRequest req, SaResponse res, SaOAuth2Config cfg) { // 获取参数 + String authorizationValue = SaBasicUtil.getAuthorizationValue(); + String clientId; + String clientSecret; + // gitlab回调token接口时,按照的是标准的oauth2协议的basic请求头,basic中会包含client_id和client_secret的信息 + if(SaFoxUtil.isEmpty(authorizationValue)){ + clientId = req.getParamNotNull(Param.client_id); + clientSecret = req.getParamNotNull(Param.client_secret); + } else { + String[] clientIdAndSecret = authorizationValue.split(":"); + clientId = clientIdAndSecret[0]; + clientSecret = clientIdAndSecret[1]; + } + String code = req.getParamNotNull(Param.code); - String clientId = req.getParamNotNull(Param.client_id); - String clientSecret = req.getParamNotNull(Param.client_secret); String redirectUri = req.getParam(Param.redirect_uri); // 校验参数