yadong.zhang
162 lines
5.4 KiB
Java
162 lines
5.4 KiB
Java
package me.zhyd.oauth.request;
|
|
|
|
import cn.hutool.http.HttpRequest;
|
|
import cn.hutool.http.HttpResponse;
|
|
import com.alibaba.fastjson.JSONObject;
|
|
import me.zhyd.oauth.config.AuthConfig;
|
|
import me.zhyd.oauth.config.AuthSource;
|
|
import me.zhyd.oauth.enums.AuthUserGender;
|
|
import me.zhyd.oauth.exception.AuthException;
|
|
import me.zhyd.oauth.model.*;
|
|
import me.zhyd.oauth.utils.UrlBuilder;
|
|
|
|
import static me.zhyd.oauth.utils.GlobalAuthUtil.parseQueryToMap;
|
|
|
|
/**
|
|
* 微软登录
|
|
*
|
|
* @author yangkai.shen (https://xkcoding.com)
|
|
* @version 1.5
|
|
* @since 1.5
|
|
*/
|
|
public class AuthMicrosoftRequest extends AuthDefaultRequest {
|
|
public AuthMicrosoftRequest(AuthConfig config) {
|
|
super(config, AuthSource.MICROSOFT);
|
|
}
|
|
|
|
@Override
|
|
protected AuthToken getAccessToken(AuthCallback authCallback) {
|
|
return getToken(accessTokenUrl(authCallback.getCode()));
|
|
}
|
|
|
|
/**
|
|
* 获取token,适用于获取access_token和刷新token
|
|
*
|
|
* @param accessTokenUrl 实际请求token的地址
|
|
* @return token对象
|
|
*/
|
|
private AuthToken getToken(String accessTokenUrl) {
|
|
HttpResponse response = HttpRequest.post(accessTokenUrl)
|
|
.header("Host", "https://login.microsoftonline.com")
|
|
.contentType("application/x-www-form-urlencoded")
|
|
.form(parseQueryToMap(accessTokenUrl))
|
|
.execute();
|
|
String accessTokenStr = response.body();
|
|
JSONObject accessTokenObject = JSONObject.parseObject(accessTokenStr);
|
|
|
|
this.checkResponse(accessTokenObject);
|
|
|
|
return AuthToken.builder()
|
|
.accessToken(accessTokenObject.getString("access_token"))
|
|
.expireIn(accessTokenObject.getIntValue("expires_in"))
|
|
.scope(accessTokenObject.getString("scope"))
|
|
.tokenType(accessTokenObject.getString("token_type"))
|
|
.refreshToken(accessTokenObject.getString("refresh_token"))
|
|
.build();
|
|
}
|
|
|
|
private void checkResponse(JSONObject response) {
|
|
if (response.containsKey("error")) {
|
|
throw new AuthException(response.getString("error_description"));
|
|
}
|
|
}
|
|
|
|
@Override
|
|
protected AuthUser getUserInfo(AuthToken authToken) {
|
|
String token = authToken.getAccessToken();
|
|
String tokenType = authToken.getTokenType();
|
|
String jwt = tokenType + " " + token;
|
|
HttpResponse response = HttpRequest.get(userInfoUrl(authToken)).header("Authorization", jwt).execute();
|
|
String userInfo = response.body();
|
|
JSONObject object = JSONObject.parseObject(userInfo);
|
|
return AuthUser.builder()
|
|
.uuid(object.getString("id"))
|
|
.username(object.getString("userPrincipalName"))
|
|
.nickname(object.getString("displayName"))
|
|
.location(object.getString("officeLocation"))
|
|
.email(object.getString("mail"))
|
|
.gender(AuthUserGender.UNKNOWN)
|
|
.token(authToken)
|
|
.source(AuthSource.MICROSOFT)
|
|
.build();
|
|
}
|
|
|
|
/**
|
|
* 刷新access token (续期)
|
|
*
|
|
* @param authToken 登录成功后返回的Token信息
|
|
* @return AuthResponse
|
|
*/
|
|
@Override
|
|
public AuthResponse refresh(AuthToken authToken) {
|
|
return AuthResponse.builder()
|
|
.code(AuthResponseStatus.SUCCESS.getCode())
|
|
.data(getToken(refreshTokenUrl(authToken.getRefreshToken())))
|
|
.build();
|
|
}
|
|
|
|
/**
|
|
* 返回认证url,可自行跳转页面
|
|
*
|
|
* @return 返回授权地址
|
|
*/
|
|
@Override
|
|
public String authorize() {
|
|
return UrlBuilder.fromBaseUrl(source.authorize())
|
|
.queryParam("response_type", "code")
|
|
.queryParam("client_id", config.getClientId())
|
|
.queryParam("redirect_uri", config.getRedirectUri())
|
|
.queryParam("response_mode", "query")
|
|
.queryParam("scope", "offline_access%20user.read%20mail.read")
|
|
.queryParam("state", getRealState(config.getState()))
|
|
.build();
|
|
}
|
|
|
|
/**
|
|
* 返回获取accessToken的url
|
|
*
|
|
* @param code
|
|
* @return 返回获取accessToken的url
|
|
*/
|
|
@Override
|
|
protected String accessTokenUrl(String code) {
|
|
return UrlBuilder.fromBaseUrl(source.accessToken())
|
|
.queryParam("code", code)
|
|
.queryParam("client_id", config.getClientId())
|
|
.queryParam("client_secret", config.getClientSecret())
|
|
.queryParam("grant_type", "authorization_code")
|
|
.queryParam("scope", "user.read%20mail.read")
|
|
.queryParam("redirect_uri", config.getRedirectUri())
|
|
.build();
|
|
}
|
|
|
|
/**
|
|
* 返回获取userInfo的url
|
|
*
|
|
* @param authToken
|
|
* @return 返回获取userInfo的url
|
|
*/
|
|
@Override
|
|
protected String userInfoUrl(AuthToken authToken) {
|
|
return UrlBuilder.fromBaseUrl(source.userInfo()).build();
|
|
}
|
|
|
|
/**
|
|
* 返回获取accessToken的url
|
|
*
|
|
* @param refreshToken
|
|
* @return 返回获取accessToken的url
|
|
*/
|
|
@Override
|
|
protected String refreshTokenUrl(String refreshToken) {
|
|
return UrlBuilder.fromBaseUrl(source.refresh())
|
|
.queryParam("client_id", config.getClientId())
|
|
.queryParam("client_secret", config.getClientSecret())
|
|
.queryParam("refresh_token", refreshToken)
|
|
.queryParam("grant_type", "refresh_token")
|
|
.queryParam("scope", "user.read%20mail.read")
|
|
.queryParam("redirect_uri", config.getRedirectUri())
|
|
.build();
|
|
}
|
|
}
|