yadong.zhang
107 lines
3.8 KiB
Java
107 lines
3.8 KiB
Java
package me.zhyd.oauth.request;
|
|
|
|
import com.alibaba.fastjson.JSONObject;
|
|
import me.zhyd.oauth.utils.HttpUtils;
|
|
import com.xkcoding.http.support.HttpHeader;
|
|
import me.zhyd.oauth.cache.AuthStateCache;
|
|
import me.zhyd.oauth.config.AuthConfig;
|
|
import me.zhyd.oauth.config.AuthDefaultSource;
|
|
import me.zhyd.oauth.enums.AuthUserGender;
|
|
import me.zhyd.oauth.exception.AuthException;
|
|
import me.zhyd.oauth.model.AuthCallback;
|
|
import me.zhyd.oauth.model.AuthToken;
|
|
import me.zhyd.oauth.model.AuthUser;
|
|
import me.zhyd.oauth.utils.UrlBuilder;
|
|
|
|
/**
|
|
* Google登录
|
|
*
|
|
* @author yangkai.shen (https://xkcoding.com)
|
|
* @since 1.3.0
|
|
*/
|
|
public class AuthGoogleRequest extends AuthDefaultRequest {
|
|
|
|
public AuthGoogleRequest(AuthConfig config) {
|
|
super(config, AuthDefaultSource.GOOGLE);
|
|
}
|
|
|
|
public AuthGoogleRequest(AuthConfig config, AuthStateCache authStateCache) {
|
|
super(config, AuthDefaultSource.GOOGLE, authStateCache);
|
|
}
|
|
|
|
@Override
|
|
protected AuthToken getAccessToken(AuthCallback authCallback) {
|
|
String response = doPostAuthorizationCode(authCallback.getCode());
|
|
JSONObject accessTokenObject = JSONObject.parseObject(response);
|
|
this.checkResponse(accessTokenObject);
|
|
return AuthToken.builder()
|
|
.accessToken(accessTokenObject.getString("access_token"))
|
|
.expireIn(accessTokenObject.getIntValue("expires_in"))
|
|
.scope(accessTokenObject.getString("scope"))
|
|
.tokenType(accessTokenObject.getString("token_type"))
|
|
.idToken(accessTokenObject.getString("id_token"))
|
|
.build();
|
|
}
|
|
|
|
@Override
|
|
protected AuthUser getUserInfo(AuthToken authToken) {
|
|
HttpHeader httpHeader = new HttpHeader();
|
|
httpHeader.add("Authorization", "Bearer " + authToken.getAccessToken());
|
|
String userInfo = new HttpUtils(config.getHttpConfig()).post(userInfoUrl(authToken), null, httpHeader);
|
|
JSONObject object = JSONObject.parseObject(userInfo);
|
|
this.checkResponse(object);
|
|
return AuthUser.builder()
|
|
.rawUserInfo(object)
|
|
.uuid(object.getString("sub"))
|
|
.username(object.getString("email"))
|
|
.avatar(object.getString("picture"))
|
|
.nickname(object.getString("name"))
|
|
.location(object.getString("locale"))
|
|
.email(object.getString("email"))
|
|
.gender(AuthUserGender.UNKNOWN)
|
|
.token(authToken)
|
|
.source(source.toString())
|
|
.build();
|
|
}
|
|
|
|
/**
|
|
* 返回带{@code state}参数的授权url,授权回调时会带上这个{@code state}
|
|
*
|
|
* @param state state 验证授权流程的参数,可以防止csrf
|
|
* @return 返回授权地址
|
|
* @since 1.9.3
|
|
*/
|
|
@Override
|
|
public String authorize(String state) {
|
|
return UrlBuilder.fromBaseUrl(source.authorize())
|
|
.queryParam("response_type", "code")
|
|
.queryParam("client_id", config.getClientId())
|
|
.queryParam("scope", "openid%20email%20profile")
|
|
.queryParam("redirect_uri", config.getRedirectUri())
|
|
.queryParam("state", getRealState(state))
|
|
.build();
|
|
}
|
|
|
|
/**
|
|
* 返回获取userInfo的url
|
|
*
|
|
* @param authToken 用户授权后的token
|
|
* @return 返回获取userInfo的url
|
|
*/
|
|
@Override
|
|
protected String userInfoUrl(AuthToken authToken) {
|
|
return UrlBuilder.fromBaseUrl(source.userInfo()).queryParam("access_token", authToken.getAccessToken()).build();
|
|
}
|
|
|
|
/**
|
|
* 检查响应内容是否正确
|
|
*
|
|
* @param object 请求响应内容
|
|
*/
|
|
private void checkResponse(JSONObject object) {
|
|
if (object.containsKey("error") || object.containsKey("error_description")) {
|
|
throw new AuthException(object.containsKey("error") + ":" + object.getString("error_description"));
|
|
}
|
|
}
|
|
}
|