Java Spring Security with OpenId Provider

2019-07-22 04:30发布

问题:

I have a spring MVC application.Another client application want access my spring app using open id connect. How to implement open id provider in server side.Please help.

回答1:

MITREid Connect OpenID-Connect-Java-Spring-Server is an OpenID Connect implementation on the Spring platform.

I'm afraid that Spring Security OAuth project won't be able to support OpenID Connect because it will require big changes in design. See Issue 619, for example.

In general, a typical OAuth 2.0 server implementation assumes that a value of response_type parameter contained in an authorization request is either code or token (although RFC 6749 mentions the possibility that the parameter may take multiple values at a time). However, OpenID Connect Core 1.0 and OAuth 2.0 Multiple Response Type Encoding Practices have invalidated the assumption explicitly. Now, response_type parameter can be any combination of code, token and id_token, or none. This has a big impact on existing OAuth 2.0 server implementations. Personally, as a matter of fact, I once discarded my OAuth 2.0 server implementation and rewrote it from scratch to support OpenID Connect.