diff --git a/sa-token-doc/use/config.md b/sa-token-doc/use/config.md
index bc314b06..210175e7 100644
--- a/sa-token-doc/use/config.md
+++ b/sa-token-doc/use/config.md
@@ -309,6 +309,8 @@ sa-token.sso-client.is-slo=true
 | openidDigestPrefix | String | openid_default_digest_prefix | 默认 openid 生成算法中使用的摘要前缀 |
 | higherScope | String | | 指定高级权限,多个用逗号隔开 |
 | lowerScope | String | | 指定低级权限,多个用逗号隔开 |
+| mode4ReturnAccessToken | Boolean | false | 模式4是否返回 AccessToken 字段,用于兼容OAuth2标准协议 |
+| oidc | SaOAuth2OidcConfig | new SaOAuth2OidcConfig() | OIDC 相关配置 |
 配置示例:
@@ -337,6 +339,31 @@ sa-token.oauth2-server.enable-client-credentials=true
+##### OIDC 相关配置
+| 参数名称 | 类型 | 默认值 | 说明 |
+| :-------- | :-------- | :-------- | :-------- |
+| iss | String | | iss 值,如不配置则自动计算 |
+| idTokenTimeout | long | 600 | idToken 有效期(单位秒) 默认十分钟 |
+
+
+
+``` yaml
+# Sa-Token 配置
+sa-token:
+ oauth2-server:
+ oidc:
+ iss: xxx
+ idTokenTimeout: 600
+```
+
+``` properties
+sa-token.oauth2-server.oidc.iss=xxx
+sa-token.oauth2-server.oidc.idTokenTimeout=600
+```
+
+
+
+
 ##### SaClientModel属性定义
 | 参数名称 | 类型 | 默认值 | 说明 |
 | :-------- | :-------- | :-------- | :-------- |
diff --git a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/config/SaOAuth2ServerConfig.java b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/config/SaOAuth2ServerConfig.java
index dbb2e74f..39555dfd 100644
--- a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/config/SaOAuth2ServerConfig.java
+++ b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/config/SaOAuth2ServerConfig.java
@@ -72,6 +72,9 @@ public class SaOAuth2ServerConfig implements Serializable {
 /** 指定低级权限,多个用逗号隔开 */
 public String lowerScope;
+ /** 模式4是否返回 AccessToken 字段 */
+ public Boolean mode4ReturnAccessToken = false;
+
 /**
 * oidc 相关配置
 */
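Review bot: The one-line Javadoc on the new `mode4ReturnAccessToken` field in SaOAuth2ServerConfig does not say what the flag actually exposes: per the resolver change later in this commit, enabling it copies the client token into an `access_token` key of the mode-4 response. I would state that and the default on the field, e.g. `/** Whether the mode-4 (client token) response repeats the client token under "access_token" for OAuth2 compatibility; default false */`, and mirror the wording in the config.md row. Operators turning this on should be able to read from the docs that the value is the client's own token, presumably not bound to a user login, so they do not treat it as a user access token downstream. The class body continues outside the hunk.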
@@ -292,6 +295,21 @@ public class SaOAuth2ServerConfig implements Serializable {
 return this;
 }
+ /**
+ * @return mode4ReturnAccessToken
+ */
+ public Boolean getMode4ReturnAccessToken() {
+ return mode4ReturnAccessToken;
+ }
+
+ /**
+ * @param mode4ReturnAccessToken 要设置的 mode4ReturnAccessToken
+ */
+ public SaOAuth2ServerConfig setMode4ReturnAccessToken(Boolean mode4ReturnAccessToken) {
+ this.mode4ReturnAccessToken = mode4ReturnAccessToken;
+ return this;
+ }
+
 /**
 * 获取 oidc 相关配置
 *
@@ -346,6 +364,7 @@ public class SaOAuth2ServerConfig implements Serializable {
 ", openidDigestPrefix='" + openidDigestPrefix +
 ", higherScope='" + higherScope +
 ", lowerScope='" + lowerScope +
+ ", mode4ReturnAccessToken='" + mode4ReturnAccessToken +
 ", oidc='" + oidc +
 '}';
 }
diff --git a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/resolver/SaOAuth2DataResolverDefaultImpl.java b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/resolver/SaOAuth2DataResolverDefaultImpl.java
index 5693d9aa..9311abb5 100644
--- a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/resolver/SaOAuth2DataResolverDefaultImpl.java
+++ b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/resolver/SaOAuth2DataResolverDefaultImpl.java
@@ -141,7 +141,10 @@ public class SaOAuth2DataResolverDefaultImpl implements SaOAuth2DataResolver {
 Map map = new LinkedHashMap<>();
 map.put("token_type", ct.tokenType);
 map.put("client_token", ct.clientToken);
- // map.put("access_token", ct.clientToken); // 兼容 OAuth2 协议
+ // 兼容 OAuth2 协议
+ if(SaOAuth2Manager.getServerConfig().mode4ReturnAccessToken) {
+ map.put("access_token", ct.clientToken);
+ }
 map.put("expires_in", ct.getExpiresIn());
 map.put("client_id", ct.clientId);
 map.put("scope", SaOAuth2Manager.getDataConverter().convertScopeListToString(ct.scopes));
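Review bot: The condition `if(SaOAuth2Manager.getServerConfig().mode4ReturnAccessToken)` in SaOAuth2DataResolverDefaultImpl auto-unboxes a `Boolean` field, so a null value (for example after `setMode4ReturnAccessToken(null)`) makes the token response throw a NullPointerException instead of simply omitting the key. Reading it through the new getter and null-safely avoids that: `if (Boolean.TRUE.equals(SaOAuth2Manager.getServerConfig().getMode4ReturnAccessToken())) {`. The comment above the branch should also say that `access_token` here carries the same value as `client_token`; if access tokens and client tokens are validated by different checks elsewhere (not visible in this hunk), that is worth a sentence so integrators know which check applies to this value. The enclosing method starts and ends outside the hunk.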