From 760805f78cdd65477039997314eeb0c64d08b9f8 Mon Sep 17 00:00:00 2001 From: click33 <2393584716@qq.com> Date: Sat, 24 Aug 2024 04:27:29 +0800 Subject: [PATCH] =?UTF-8?q?=E6=96=B0=E5=A2=9E=20mode4ReturnAccessToken=20?= =?UTF-8?q?=E9=85=8D=E7=BD=AE=EF=BC=8C=E6=8C=87=E5=AE=9A=E6=A8=A1=E5=BC=8F?= =?UTF-8?q?4=E6=98=AF=E5=90=A6=E8=BF=94=E5=9B=9E=20AccessToken=20=E5=AD=97?= =?UTF-8?q?=E6=AE=B5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- sa-token-doc/use/config.md | 27 +++++++++++++++++++ .../oauth2/config/SaOAuth2ServerConfig.java | 19 +++++++++++++ .../SaOAuth2DataResolverDefaultImpl.java | 5 +++- 3 files changed, 50 insertions(+), 1 deletion(-) diff --git a/sa-token-doc/use/config.md b/sa-token-doc/use/config.md index bc314b06..210175e7 100644 --- a/sa-token-doc/use/config.md +++ b/sa-token-doc/use/config.md @@ -309,6 +309,8 @@ sa-token.sso-client.is-slo=true | openidDigestPrefix | String | openid_default_digest_prefix | 默认 openid 生成算法中使用的摘要前缀 | | higherScope | String | | 指定高级权限,多个用逗号隔开 | | lowerScope | String | | 指定低级权限,多个用逗号隔开 | +| mode4ReturnAccessToken | Boolean | false | 模式4是否返回 AccessToken 字段,用于兼容OAuth2标准协议 | +| oidc | SaOAuth2OidcConfig | new SaOAuth2OidcConfig() | OIDC 相关配置 | 配置示例: @@ -337,6 +339,31 @@ sa-token.oauth2-server.enable-client-credentials=true +##### OIDC 相关配置 +| 参数名称 | 类型 | 默认值 | 说明 | +| :-------- | :-------- | :-------- | :-------- | +| iss | String | | iss 值,如不配置则自动计算 | +| idTokenTimeout | long | 600 | idToken 有效期(单位秒) 默认十分钟 | + + + +``` yaml +# Sa-Token 配置 +sa-token: + oauth2-server: + oidc: + iss: xxx + idTokenTimeout: 600 +``` + +``` properties +sa-token.oauth2-server.oidc.iss=xxx +sa-token.oauth2-server.oidc.idTokenTimeout=600 +``` + + + + ##### SaClientModel属性定义 | 参数名称 | 类型 | 默认值 | 说明 | | :-------- | :-------- | :-------- | :-------- | 
diff --git a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/config/SaOAuth2ServerConfig.java b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/config/SaOAuth2ServerConfig.java index dbb2e74f..39555dfd 100644 --- a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/config/SaOAuth2ServerConfig.java +++ b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/config/SaOAuth2ServerConfig.java @@ -72,6 +72,9 @@ public class SaOAuth2ServerConfig implements Serializable { /** 指定低级权限,多个用逗号隔开 */ public String lowerScope; + /** 模式4是否返回 AccessToken 字段 */ + public Boolean mode4ReturnAccessToken = false; + /** * oidc 相关配置 */ @@ -292,6 +295,21 @@ public class SaOAuth2ServerConfig implements Serializable { return this; } + /** + * @return mode4ReturnAccessToken + */ + public Boolean getMode4ReturnAccessToken() { + return mode4ReturnAccessToken; + } + + /** + * @param mode4ReturnAccessToken 要设置的 mode4ReturnAccessToken + */ + public SaOAuth2ServerConfig setMode4ReturnAccessToken(Boolean mode4ReturnAccessToken) { + this.mode4ReturnAccessToken = mode4ReturnAccessToken; + return this; + } + /** * 获取 oidc 相关配置 * @@ -346,6 +364,7 @@ public class SaOAuth2ServerConfig implements Serializable { ", openidDigestPrefix='" + openidDigestPrefix + ", higherScope='" + higherScope + ", lowerScope='" + lowerScope + + ", mode4ReturnAccessToken='" + mode4ReturnAccessToken + ", oidc='" + oidc + '}'; } diff --git a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/resolver/SaOAuth2DataResolverDefaultImpl.java b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/resolver/SaOAuth2DataResolverDefaultImpl.java index 5693d9aa..9311abb5 100644 --- a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/resolver/SaOAuth2DataResolverDefaultImpl.java 
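Review bot: The new field in the first SaOAuth2ServerConfig hunk is a boxed `Boolean`, and the setter added in the second hunk accepts `null`. The read in SaOAuth2DataResolverDefaultImpl, `if(SaOAuth2Manager.getServerConfig().mode4ReturnAccessToken)`, auto-unboxes the value, so a null here would throw a NullPointerException while the mode-4 token response is being built. Either declare it as `public boolean mode4ReturnAccessToken = false;` with matching accessor types, or keep the boxed type and guard the read with `Boolean.TRUE.equals(...)`. The rest of the class is outside the hunk, so it is not visible whether boxed flags are the convention for this config.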
+++ b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/resolver/SaOAuth2DataResolverDefaultImpl.java
@@ -141,7 +141,10 @@ public class SaOAuth2DataResolverDefaultImpl implements SaOAuth2DataResolver {
 Map map = new LinkedHashMap<>();
 map.put("token_type", ct.tokenType);
 map.put("client_token", ct.clientToken);
- // map.put("access_token", ct.clientToken); // 兼容 OAuth2 协议
+ // 兼容 OAuth2 协议
+ if(SaOAuth2Manager.getServerConfig().mode4ReturnAccessToken) {
+ map.put("access_token", ct.clientToken);
+ }
 map.put("expires_in", ct.getExpiresIn());
 map.put("client_id", ct.clientId);
 map.put("scope", SaOAuth2Manager.getDataConverter().convertScopeListToString(ct.scopes));
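Review bot: With the flag on, `access_token` is filled from `ct.clientToken`, so the response carries the same Client-Token under two field names, and the comment `// 兼容 OAuth2 协议` does not say so. A consumer that treats any `access_token` as a user-authorised Access-Token would be handed a client-credentials token, so the value still has to be validated as a Client-Token on the receiving side. I would extend the comment to `// OAuth2 compatibility: access_token mirrors client_token (a Client-Token, not a user Access-Token)` and repeat that sentence in the config.md row. The condition also reads the public field directly; `getMode4ReturnAccessToken()` would match the accessor added in this commit. The enclosing method starts and ends outside the hunk.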