Jap for Solon - 官方食用指南

博主： sxsx欧克
发布时间：2022 年 02 月 22 日
259 次浏览
暂无评论
30388字数
分类： Solon

概述

将 Just Auth Plus 以及 Just Auth Plus Identity Server 适配进 Solon，弥补了 Solon 缺少完整的认证体系的问题，为所有使用 Solon 进行快速开发的你们提供了更加方便的工具。

Just Auth Plus 方面目前只完成了 Simple、Socail 以及 Mfa 部分，如果你对 OICD、LADP、HTTP API 的适配有需求，请添加 QQ 群 22200020，大鸽子浅念子会光速适配。

开始食用

你需要引入我们已经适配好的依赖来引入整个体系，当然如果你只使用其中一个也可以只引用其中一个：

<dependency>
    <groupId>org.noear</groupId>
    <artifactId>jap-solon-plugin</artifactId>
 </dependency>
<dependency>
     <groupId>org.noear</groupId>
     <artifactId>jap-ids-solon-plugin</artifactId> 
</dependency>

Maven Reload!

借这个机会我们来趁机配置一下这两个组件（在你的 app.yml 中）：

jap:
  # Auth 控制器注册根路径
  authPath: /auth
  # Account 控制器注册根路径
  accountPath: /account
  # 生成 Mfa QRCode 时 Issuer
  issuer: SakuraImpression
  # JapConfig 映射
  japConfig:
    # 是否启用单点登录
    sso: true
    # SSOConfig 映射
    ssoConfig:
      # 指定了 Cookie 使用的域名
      cookieDomain: 127.0.0.1:6040
  # SimpleConfig 映射
  # !!! 指定该项启动 Simple !!!
  simpleConfig:
    # 指定了 remberMe 加密的 盐
    credentialEncryptSalt: a1f735ed0cffd6f5ea80f8ee7ba68d02
  # 社会化登录第三方整数列表
  # 其中的每一项均为 AuthConfig 映射
  # !!! 指定该项启动 Social !!!
  credentials:
    gitee:
      clientId: b002b405304bd0b384029e8b04017349026bcca5cfe73cc6f5ca047cc4fe9241
      clientSecret: 7942f86793e5fc1b73f8e3b2f2ee1925b0c9e923b0819a32097048bbeb15b5
      redirectUri: http://127.0.0.1:6040/auth/social/gitee
    github:
      clientId: c394492091a984o659bc
      clientSecret: 60c82d553f1b0dac17f2164eabc4ac63ffc831ca
      redirectUri: http://127.0.0.1:6040/auth/social/github/callback
  # 下一跳地址白名单，验证成功或失败后的跳转地址
  # 更是确定是否为前后端分离的重要请求参数
  nexts:
    - https://passport.liusuyun.com/
    - /auth/social/bind
    - http://127.0.0.1:8000/auth/social#data={data}&code={code}
  # Just Auth Plus Identity Server 配置
  ids:
    # 全部控制器注册的根路径，默认为 /oauth
    basePath: /auth/o
    # IdsConfig 映射
    config:
      # 服务根路径，用于 服务发现
      issuer: http://127.0.0.1:6040
      # Jwt 密钥配置
      jwtConfig:
        jwksKeyId: jap-jwk-keyid
        jwksJson: |-
          {
            "keys": [
              {
                "p": "v5G0QPkr9zi1znff2g7p5K1ac1F2KNjXmk31Etl0UrRBwHiTxM_MkkldGlxnXWoFL4_cPZZMt_W14Td5qApknLFOh9iRWRPwqlFgC-eQzUjPeYvxjRbtV5QUHtbzrDCLjLiSNyhsLXHyi_yOawD2BS4U6sBWMSJlL2lShU7EAaU",
                "kty": "RSA",
                "q": "s2X9UeuEWky_io9hFAoHZjBxMBheNAGrHXtWat6zlg2tf_SIKpZ7Xs8C_-kr9Pvj-D428QsOjFZE-EtNBSXoMrvlMk7fGDl9x1dHvLS9GSitkXH2-Wthg8j0j0nfAmyEt94jP-XEkYic1Ok7EfBOPuvL21HO7YuB-cOff9ZGvBk",
                "d": "Rj-QBeBdx85VIHkwVY1T94ZeeC_Z6Zw-cz5lk5Msw0U9QhSTWo28-d2lYjK7dhQn-E19JhTbCVE11UuUqENKZmO__yRgO1UJaj2x6vWMtgJptah7m8lI-QW0w6TnVxAHWfRPpKSEfbN4SpeufYf5PYhmmzT0A954Z2o0kqS4iHd0gwNAovOXaxriGXO1CcOQjBFEcm0BdboQZ7CKCoJ1D6S0xZpVFSJg-1AtagY5dzStyekzETO2tQSmVw4ogIoJsIbu3aYwbukmCoULQfJ36D0mPzrTG5oocEbbuCps_vH72VjZORHHAl4hwritFT_jD2bdQHSNMGukga8C0L1WQQ",
                "e": "AQAB",
                "use": "sig",
                "kid": "jap-jwk-keyid",
                "qi": "Asr5dZMDvwgquE6uFnDaBC76PY5JUzxQ5wY5oc4nhIm8UxQWwYZTWq-HOWkMB5c99fG1QxLWQKGtsguXfOXoNgnI--yHzLZcXf1XAd0siguaF1cgQIqwRUf4byofE6uJ-2ZON_ezn6Uvly8fDIlgwmKAiiwWvHI4iLqvqOReBgs",
                "dp": "oIUzuFnR6FcBqJ8z2KE0haRorUZuLy38A1UdbQz_dqmKiv--OmUw8sc8l3EkP9ctvzvZfVWqtV7TZ4M3koIa6l18A0KKEE0wFVcYlwETiaBgEWYdIm86s27mKS1Og1MuK90gz800UCQx6_DVWX41qAOEDWzbDFLY3JBxUDi-7u0",
                "alg": "RS256",
                "dq": "MpNSM0IecgapCTsatzeMlnaZsmFsTWUbBJi86CwYnPkGLMiXisoZxcS-p77osYxB3L5NZu8jDtVTZFx2PjlNmN_34ZLyujWbDBPDGaQqm2koZZSnd_GZ8Dk7GRpOULSfRebOMTlpjU3iSPPnv0rsBDkdo5sQp09pOSy5TqTuFCE",
                "n": "hj8zFdhYFi-47PO4B4HTRuOLPR_rpZJi66g4JoY4gyhb5v3Q57etSU9BnW9QQNoUMDvhCFSwkz0hgY5HqVj0zOG5s9x2a594UDIinKsm434b-pT6bueYdvM_mIUEKka5pqhy90wTTka42GvM-rBATHPTarq0kPTR1iBtYao8zX-RWmCbdumEWOkMFUGbBkUcOSJWzoLzN161WdYr2kJU5PFraUP3hG9fPpMEtvqd6IwEL-MOVx3nqc7zk3D91E6eU7EaOy8nz8echQLl6Ps34BSwEpgOhaHDD6IJzetW-KorYeC0r0okXhrl0sUVE2c71vKPVVtueJSIH6OwA3dVHQ"
              }
            ]
          }

文中所指的映射是指该条目中的配置项会使用 Snack3 通过反射的方式，注入生成相关 Bean 实例，所以该类下的所有字段你都可以自由配置。

相关服务实现与注入

以下服务的实现仅供参考，请根据具体业务逻辑来调整。

我们推荐封装一个公共 Service 用于用户查询，因为会反复使用相同代码。

package com.liusuyun.flowersay.gateway.services;

import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.liusuyun.flowersay.common.entities.models.User;
import com.liusuyun.flowersay.common.mappers.UserMapper;
import com.liusuyun.flowersay.common.utils.AbstractUtils;
import org.apache.ibatis.ext.solon.Db;

/**
 * @author 颖
 */
public abstract class JapService extends AbstractUtils {

    @Db
    UserMapper userMapper;

    protected User findUser(String username) {
        QueryWrapper<User> queryWrapper = new QueryWrapper<>();
        queryWrapper.eq("username", username)
                .or().eq("email", username);

        return this.userMapper.selectOne(queryWrapper);
    }

    protected User findUser(Long id) {
        return this.userMapper.selectById(id);
    }

}

package com.liusuyun.flowersay.gateway.services;

import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.fujieid.jap.ids.model.ClientDetail;
import com.fujieid.jap.ids.model.enums.GrantType;
import com.fujieid.jap.ids.model.enums.ResponseType;
import com.fujieid.jap.ids.service.IdsClientDetailService;
import com.liusuyun.flowersay.gateway.entities.OAuthClient;
import com.liusuyun.flowersay.gateway.mappers.OAuthClientMapper;
import org.apache.ibatis.ext.solon.Db;
import org.noear.solon.annotation.Component;
import org.noear.solon.annotation.Inject;

import java.util.List;
import java.util.stream.Collectors;

/**
 * @author 颖
 * @version 1.0.0
 * @date 2021-04-14 10:27
 * @since 1.0.0
 */
public class IdsClientDetailServiceImpl implements IdsClientDetailService {

    @Db
    OAuthClientMapper oAuthClientMapper;

    /**
     * 通过 client_id 查询客户端信息
     *
     * @param clientId 客户端应用id
     * @return AppOauthClientDetails
     */
    @Override
    public ClientDetail getByClientId(String clientId) {
        QueryWrapper<OAuthClient> queryWrapper = new QueryWrapper<>();
        queryWrapper.eq("client_id", clientId);

        return this.convert(
                this.oAuthClientMapper.selectOne(queryWrapper)
        );
    }

    /**
     * Add client
     *
     * @param clientDetail Client application details
     * @return ClientDetail
     */
    @Override
    public ClientDetail add(ClientDetail clientDetail) {
        return IdsClientDetailService.super.add(clientDetail);
    }

    /**
     * Modify the client
     *
     * @param clientDetail Client application details
     * @return ClientDetail
     */
    @Override
    public ClientDetail update(ClientDetail clientDetail) {
        return IdsClientDetailService.super.update(clientDetail);
    }

    /**
     * Delete client by primary key
     *
     * @param id Primary key of the client application
     * @return boolean
     */
    @Override
    public boolean removeById(String id) {
        this.oAuthClientMapper.deleteById(Long.parseLong(id));
        return true;
    }

    /**
     * Delete client by client id
     *
     * @param clientId Client application id
     * @return ClientDetail
     */
    @Override
    public boolean removeByClientId(String clientId) {
        QueryWrapper<OAuthClient> queryWrapper = new QueryWrapper<>();
        queryWrapper.eq("client_id", clientId);

        this.oAuthClientMapper.delete(queryWrapper);
        return true;
    }

    /**
     * 获取所有 client detail
     *
     * @return List
     */
    @Override
    public List<ClientDetail> getAllClientDetail() {
        return this.oAuthClientMapper.selectList(new QueryWrapper<>())
                .stream()
                .map(this::convert)
                .collect(Collectors.toList());
    }

    private ClientDetail convert(OAuthClient client) {
        if(client == null) {
            return null;
        }
        return new ClientDetail()
                .setId(String.valueOf(client.getId()))
                .setAppName(client.getName())
                .setClientId(client.getClientId())
                .setClientSecret(client.getClientSecret())
                .setSiteDomain(client.getSiteDomain())
                .setRedirectUri(client.getRedirectUri())
                .setLogoutRedirectUri(client.getLogoutUri())
                .setLogo(client.getLogo())
                .setAvailable(client.isAvailable())
                .setDescription(client.getDescription())
                .setScopes(client.getScopes())
                .setGrantTypes(GrantType.values()[client.getGrantTypes()].getType())
                .setResponseTypes(ResponseType.values()[client.getResponseTypes()].getType())
                .setCodeExpiresIn(client.getCodeExpiresIn())
                .setIdTokenExpiresIn(client.getIdTokenExpiresIn())
                .setAccessTokenExpiresIn(client.getAccessTokenExpiresIn())
                .setRefreshTokenExpiresIn(client.getRefreshTokenExpiresIn())
                .setAutoApprove(client.getAutoApprove())
                .setEnablePkce(client.getEnablePkce())
                .setCodeChallengeMethod(client.getCodeChallengeMethod());
    }

}

package com.liusuyun.flowersay.gateway.services;

import com.fujieid.jap.ids.config.JwtConfig;
import com.fujieid.jap.ids.service.IdsIdentityService;
import org.noear.solon.annotation.Component;

/**
 * @author 颖
 * @version 1.0.0
 * @date 2021-04-16 16:32
 * @since 1.0.0
 */
public class IdsIdentityServiceImpl implements IdsIdentityService {

    /**
     * Get the jwt token encryption key string
     *
     * @param identity User/organization/enterprise identification
     * @return Encryption key string in json format
     */
    @Override
    public String getJwksJson(String identity) {
        return IdsIdentityService.super.getJwksJson(identity);
    }

    /**
     * Get the configuration of jwt token encryption
     *
     * @param identity User/organization/enterprise identification
     * @return Encryption key string in json format
     */
    @Override
    public JwtConfig getJwtConfig(String identity) {
        return IdsIdentityService.super.getJwtConfig(identity);
    }

}

package com.liusuyun.flowersay.gateway.services;

import com.fujieid.jap.ids.model.UserInfo;
import com.fujieid.jap.ids.service.IdsUserService;
import com.liusuyun.flowersay.common.entities.models.User;
import org.noear.solon.annotation.Component;

/**
 * @author 颖
 * @version 1.0.0
 * @date 2021-04-14 10:27
 * @since 1.0.0
 */
public class IdsUserServiceImpl extends JapService implements IdsUserService {

    /**
     * Login with account and password
     *
     * @param username account number
     * @param password password
     * @return UserInfo
     */
    @Override
    public UserInfo loginByUsernameAndPassword(String username, String password, String clientId) {
        User user = this.findUser(username);
        if (user != null) {
            if (user.authenticate(password)) {
                return this.convert(user);
            }
        }
        return null;
    }

    /**
     * Get user info by userid.
     *
     * @param userId userId of the business system
     * @return UserInfo
     */
    @Override
    public UserInfo getById(String userId) {
        return this.convert(
                this.findUser(Long.parseLong(userId))
        );
    }

    /**
     * Get user info by username.
     *
     * @param username username of the business system
     * @return UserInfo
     */
    @Override
    public UserInfo getByName(String username, String clientId) {
        return this.convert(
                this.findUser(username)
        );
    }

    private UserInfo convert(User user) {
        if (user == null) {
            return null;
        }
        return new UserInfo()
                .setId(String.valueOf(user.getId()))
                .setUsername(user.getUsername())
                .setEmail(user.getEmail());
    }

}

package com.liusuyun.flowersay.gateway.services;

import com.fujieid.jap.sso.JapMfaService;
import com.liusuyun.flowersay.common.entities.models.User;

import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/**
 * @author 颖
 */
public class JapMfaServiceImpl extends JapService implements JapMfaService {

    /**
     * 根据帐号查询 secretKey
     *
     * @param userName 申请 secretKey 的用户
     * @return secretKey
     */
    @Override
    public String getSecretKey(String userName) {
        User user = this.findUser(userName);
        return user == null ? null : user.getSecret();
    }

    /**
     * 将 secretKey 关联 userName 后进行保存，可以存入数据库也可以存入其他缓存媒介中
     *
     * @param userName       用户名
     * @param secretKey      申请到的 secretKey
     * @param validationCode 当前计算出的 TOTP 验证码
     * @param scratchCodes   scratch 码
     */
    @Override
    public void saveUserCredentials(String userName, String secretKey, int validationCode, List<Integer> scratchCodes) {
        User user = this.findUser(userName);
        if(user == null) {
            throw new IllegalArgumentException();
        }

        user.setSecret(secretKey);
        this.userMapper.updateById(user);
    }

}

我们重写了 SocialStrategy 实现了登录用户也可以绑定社交账号的能力。

感谢 @738628035 的提醒，对 WeChat 系列产品进行统一处理，使用 unionId 代替默认的 openId，~~来减少微信公众号和微信分家的的隐患（雾~~

package com.liusuyun.flowersay.gateway.services;

import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.fujieid.jap.core.JapUser;
import com.fujieid.jap.core.JapUserService;
import com.liusuyun.flowersay.common.entities.models.User;
import com.liusuyun.flowersay.common.entities.models.UserBinding;
import com.liusuyun.flowersay.common.mappers.UserBindingMapper;
import me.zhyd.oauth.config.AuthDefaultSource;
import me.zhyd.oauth.model.AuthUser;
import org.apache.ibatis.ext.solon.Db;
import org.mindrot.jbcrypt.BCrypt;
import org.noear.solon.annotation.Component;
import org.noear.solon.core.handle.Context;

import java.util.Locale;

/**
 * @author 颖
 */
public class JapUserServiceImpl extends JapService implements JapUserService {

    @Db
    UserBindingMapper userBindingMapper;
    public static String WE_CHAT_SOURCE_PREFIX = "WECHAT";

    @Override
    public JapUser getById(String userId) {
        return this.convert(
                this.findUser(Long.parseLong(userId))
        );
    }

    @Override
    public JapUser getByName(String username) {
        return this.convert(
                this.findUser(username)
        );
    }

    @Override
    public boolean validPassword(String password, JapUser user) {
        boolean success = BCrypt.checkpw(password, user.getPassword());

        if (success) {
            // 删除敏感数据
            user.setPassword(null);
        }

        return success;
    }

    /**
     * 根据第三方平台标识（platform）和第三方平台的用户 uid 查询数据库
     *
     * @param platform 第三方平台标识
     * @param uid      第三方平台的用户 uid
     * @return JapUser
     */
    @Override
    public JapUser getByPlatformAndUid(String platform, String uid) {
        QueryWrapper<UserBinding> queryWrapper = new QueryWrapper<>();
        queryWrapper.eq("platform", AuthDefaultSource.valueOf(platform.toUpperCase(Locale.ROOT)).ordinal());
        queryWrapper.eq("open_id", uid);

        UserBinding userBinding = this.userBindingMapper.selectOne(queryWrapper);
        if (userBinding == null) {
            return null;
        }

        return this.convert(
                this.findUser(userBinding.getUserId())
        );
    }

    /**
     * 创建并获取第三方用户，相当于第三方登录成功后，将授权关系保存到数据库（开发者业务系统中 social user -> sys user 的绑定关系）
     *
     * @param userInfo JustAuth 中的 AuthUser
     * @return JapUser
     */
    @Override
    public JapUser createAndGetSocialUser(Object userInfo) {
        AuthUser authUser = (AuthUser) userInfo;
        // 对 WeChat 系列产品的用户进行特殊处理
        if(authUser.getSource().toUpperCase(Locale.ROOT).startsWith(JapUserServiceImpl.WE_CHAT_SOURCE_PREFIX)) {
            String unionId = authUser.getRawUserInfo().getString("unionId");
            if(unionId != null) {
                authUser.setUuid(unionId);
            }
        }
        // 查询绑定关系，确定当前用户是否已经登录过业务系统
        JapUser user = this.getByPlatformAndUid(authUser.getSource(), authUser.getUuid());
        if (user == null) {
            // 判断用户是否登录
            user = (JapUser) Context.current().session("_jap:session:user");
            if (user == null) {
                return null;
            }
            user.setAdditional(authUser);
            // 添加用户
            this.userBindingMapper.insert(UserBinding.builder()
                    .userId(Long.valueOf(user.getUserId()))
                    .platform(AuthDefaultSource.valueOf(authUser.getSource().toUpperCase(Locale.ROOT)).ordinal())
                    .openId(authUser.getUuid())
                    .metadata(authUser.getRawUserInfo())
                    .build()
                    .buildDate());
        }
        return user;
    }

    private JapUser convert(User user) {
        if (user == null) {
            return null;
        }
        return new JapUser()
                .setUserId(String.valueOf(user.getId()))
                .setUsername(user.getUsername())
                .setPassword(user.getPassword())
                .setAdditional(user);
    }

}

其中涉及的的模型以及数据表如下：

Something~

package com.liusuyun.flowersay.gateway.entities;

import com.baomidou.mybatisplus.annotation.IdType;
import com.baomidou.mybatisplus.annotation.TableId;
import com.baomidou.mybatisplus.annotation.TableName;
import com.liusuyun.flowersay.common.entities.models.Model;
import lombok.*;

/**
 * @author 颖
 */
@Data
@Builder
@NoArgsConstructor
@AllArgsConstructor
@TableName(value = "oauth_clients")
@EqualsAndHashCode(callSuper = true)
public class OAuthClient extends Model {

    @TableId(type = IdType.AUTO)
    private Long id;
    private Long userId;
    private String name;
    private String clientId;
    private String clientSecret;
    private String siteDomain;
    private String redirectUri;
    private String logoutUri;
    private String logo;
    private boolean available;
    private String description;
    private String scopes;
    private int grantTypes;
    private int responseTypes;
    private Long codeExpiresIn;
    private Long idTokenExpiresIn;
    private Long accessTokenExpiresIn;
    private Long refreshTokenExpiresIn;
    private Boolean autoApprove;
    private Boolean enablePkce;
    private String codeChallengeMethod;

}

/*
 Navicat Premium Data Transfer

 Source Server         : FlowerSay
 Source Server Type    : MySQL
 Source Server Version : 80028
 Source Host           : localhost:3306
 Source Schema         : flowersay

 Target Server Type    : MySQL
 Target Server Version : 80028
 File Encoding         : 65001

 Date: 23/02/2022 18:47:41
*/

SET NAMES utf8mb4;
SET FOREIGN_KEY_CHECKS = 0;

-- ----------------------------
-- Table structure for oauth_clients
-- ----------------------------
DROP TABLE IF EXISTS `oauth_clients`;
CREATE TABLE `oauth_clients`  (
  `id` bigint UNSIGNED NOT NULL AUTO_INCREMENT,
  `user_id` bigint UNSIGNED NULL DEFAULT NULL,
  `name` varchar(255) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
  `client_id` varchar(100) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
  `client_secret` varchar(100) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
  `site_domain` text CHARACTER SET utf8 COLLATE utf8_unicode_ci NULL,
  `redirect_uri` text CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
  `logout_uri` text CHARACTER SET utf8 COLLATE utf8_unicode_ci NULL,
  `available` tinyint(1) NULL DEFAULT NULL,
  `logo` text CHARACTER SET utf8 COLLATE utf8_unicode_ci NULL,
  `description` varchar(255) CHARACTER SET utf8 COLLATE utf8_unicode_ci NULL DEFAULT NULL,
  `scopes` varchar(255) CHARACTER SET utf8 COLLATE utf8_unicode_ci NULL DEFAULT NULL,
  `grant_types` tinyint(1) NOT NULL,
  `response_types` tinyint(1) NULL DEFAULT NULL,
  `code_expires_in` bigint NULL DEFAULT NULL,
  `id_token_expires_in` bigint NULL DEFAULT NULL,
  `access_token_expires_in` bigint NULL DEFAULT NULL,
  `refresh_token_expires_in` bigint NULL DEFAULT NULL,
  `auto_approve` tinyint(1) NULL DEFAULT NULL,
  `enable_pkce` tinyint(1) NULL DEFAULT NULL,
  `code_challenge_method` varchar(255) CHARACTER SET utf8 COLLATE utf8_unicode_ci NULL DEFAULT NULL,
  `created_at` timestamp NULL DEFAULT NULL,
  `updated_at` timestamp NULL DEFAULT NULL,
  PRIMARY KEY (`id`) USING BTREE,
  INDEX `oauth_clients_user_id_index`(`user_id`) USING BTREE
) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_unicode_ci ROW_FORMAT = DYNAMIC;

SET FOREIGN_KEY_CHECKS = 1;

package com.liusuyun.flowersay.common.entities.models;

import com.alibaba.fastjson.annotation.JSONField;
import com.baomidou.mybatisplus.annotation.IdType;
import com.baomidou.mybatisplus.annotation.TableField;
import com.baomidou.mybatisplus.annotation.TableId;
import com.baomidou.mybatisplus.annotation.TableName;
import com.liusuyun.flowersay.common.entities.Identity;
import com.liusuyun.flowersay.common.mappers.UserProfileMapper;
import lombok.*;
import org.mindrot.jbcrypt.BCrypt;
import org.noear.solon.validation.annotation.NotNull;

/**
 * @author 颖
 */
@Data
@Builder
@NoArgsConstructor
@AllArgsConstructor
@TableName(value = "users")
@EqualsAndHashCode(callSuper = true)
public class User extends Model implements Identity {

    @NotNull
    @TableId(type = IdType.AUTO)
    private Long id;
    private String uuid;
    private String email;
    private String username;
    @JSONField(serialize = false)
    private String password;
    @JSONField(serialize = false)
    private String secret;

    public UserProfile profile() {
        return this.hasOne(UserProfileMapper.class, "id", "id");
    }

    public User encrypt() {
        this.password = BCrypt.hashpw(this.password, BCrypt.gensalt());
        return this;
    }

    public boolean authenticate(String password) {
        return BCrypt.checkpw(password, this.password);
    }

}

/*
 Navicat Premium Data Transfer

 Source Server         : FlowerSay
 Source Server Type    : MySQL
 Source Server Version : 80028
 Source Host           : localhost:3306
 Source Schema         : flowersay

 Target Server Type    : MySQL
 Target Server Version : 80028
 File Encoding         : 65001

 Date: 23/02/2022 18:48:50
*/

SET NAMES utf8mb4;
SET FOREIGN_KEY_CHECKS = 0;

-- ----------------------------
-- Table structure for users
-- ----------------------------
DROP TABLE IF EXISTS `users`;
CREATE TABLE `users`  (
  `id` bigint UNSIGNED NOT NULL AUTO_INCREMENT COMMENT 'UID',
  `uuid` varchar(32) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci NOT NULL COMMENT 'UUID',
  `email` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci NOT NULL COMMENT '邮箱',
  `username` varchar(30) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci NOT NULL COMMENT '用户名',
  `password` binary(60) NOT NULL COMMENT '密码',
  `secret` varchar(32) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci NULL DEFAULT NULL COMMENT 'Mfa Secret',
  `created_at` timestamp NOT NULL COMMENT '创建时间',
  `updated_at` timestamp NOT NULL ON UPDATE CURRENT_TIMESTAMP COMMENT '更新时间',
  PRIMARY KEY (`id`) USING BTREE,
  UNIQUE INDEX `unique`(`email`, `username`) USING BTREE,
  INDEX `id`(`id`) USING BTREE
) ENGINE = InnoDB CHARACTER SET = utf8mb4 COLLATE = utf8mb4_0900_ai_ci ROW_FORMAT = DYNAMIC;

SET FOREIGN_KEY_CHECKS = 1;

package com.liusuyun.flowersay.common.entities.models;

import com.alibaba.fastjson.JSONObject;
import com.baomidou.mybatisplus.annotation.IdType;
import com.baomidou.mybatisplus.annotation.TableField;
import com.baomidou.mybatisplus.annotation.TableId;
import com.baomidou.mybatisplus.annotation.TableName;
import com.baomidou.mybatisplus.extension.handlers.FastjsonTypeHandler;
import lombok.*;

/**
 * @author 颖
 */
@Data
@Builder
@NoArgsConstructor
@AllArgsConstructor
@TableName(value = "user_bindings")
@EqualsAndHashCode(callSuper = true)
public class UserBinding extends Model {

    @TableId(type = IdType.AUTO)
    private Long id;
    private Long userId;
    private Integer platform;
    private String openId;
    @TableField(typeHandler = FastjsonTypeHandler.class)
    private JSONObject metadata;

}

/*
 Navicat Premium Data Transfer

 Source Server         : FlowerSay
 Source Server Type    : MySQL
 Source Server Version : 80028
 Source Host           : localhost:3306
 Source Schema         : flowersay

 Target Server Type    : MySQL
 Target Server Version : 80028
 File Encoding         : 65001

 Date: 23/02/2022 18:48:50
*/

SET NAMES utf8mb4;
SET FOREIGN_KEY_CHECKS = 0;

-- ----------------------------
-- Table structure for user_bindings
-- ----------------------------
DROP TABLE IF EXISTS `user_bindings`;
CREATE TABLE `user_bindings`  (
  `id` bigint UNSIGNED NOT NULL AUTO_INCREMENT,
  `user_id` bigint UNSIGNED NOT NULL,
  `platform` tinyint NOT NULL,
  `open_id` varchar(64) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci NOT NULL,
  `metadata` json NOT NULL,
  `created_at` datetime NOT NULL,
  `updated_at` datetime NOT NULL ON UPDATE CURRENT_TIMESTAMP,
  PRIMARY KEY (`id`) USING BTREE,
  INDEX `user_bindings_ibfk_1`(`user_id`) USING BTREE,
  INDEX `platform`(`platform`) USING BTREE,
  INDEX `open_id`(`open_id`) USING BTREE,
  CONSTRAINT `user_bindings_ibfk_1` FOREIGN KEY (`user_id`) REFERENCES `users` (`id`) ON DELETE RESTRICT ON UPDATE RESTRICT
) ENGINE = InnoDB CHARACTER SET = utf8mb4 COLLATE = utf8mb4_0900_ai_ci ROW_FORMAT = Dynamic;

在上述服务实现后，你还需要通过 Solon 的 Aop 将实现注入进去：

Just Auth Plus 本身具使用 ServiceLoader 加载数据的能力，但是由于 Solon 的类加载机制在某些情况下可能不能实现加载，所以建议使用一定会成功的 Aop 注入方式。

由于 JapMfaService 注入名称为 JapMfaService，所以不能直接将 JapMfaServcieImpl 当做名称注入进去。

package com.liusuyun.flowersay.gateway.configurations;

import com.fujieid.jap.ids.context.IdsContext;
import com.fujieid.jap.ids.solon.IdsCacheImpl;
import com.fujieid.jap.sso.JapMfaService;
import com.liusuyun.flowersay.gateway.services.IdsClientDetailServiceImpl;
import com.liusuyun.flowersay.gateway.services.IdsIdentityServiceImpl;
import com.liusuyun.flowersay.gateway.services.IdsUserServiceImpl;
import com.liusuyun.flowersay.gateway.services.JapMfaServiceImpl;
import org.noear.solon.annotation.Bean;
import org.noear.solon.annotation.Configuration;
import org.noear.solon.annotation.Inject;
import org.noear.solon.core.Aop;
import org.noear.solon.core.BeanWrap;

/**
 * @author 颖
 */
@Configuration
public class JapConfig {

    @Bean
    public void ids(@Inject IdsContext context) {
        context.setCache(Aop.getOrNew(IdsCacheImpl.class));
        context.setClientDetailService(Aop.getOrNew(IdsClientDetailServiceImpl.class));
        context.setIdentityService(Aop.getOrNew(IdsIdentityServiceImpl.class));
        context.setUserService(Aop.getOrNew(IdsUserServiceImpl.class));
    }
    
    @Bean 
    public void core() {
        JapMfaServiceImpl japMfaService = Aop.getOrNew(JapMfaServiceImpl.class);
        Aop.wrapAndPut(JapMfaService.class, japMfaService);
    }

}

内置 Controller 概览

你可以在每一个 Just Auth Plus 请求后携带参数 next={} 来标明这次请求不属于前后端分离的请求，相关操作完成后将会跳转到 next 指定的地址而不是直接返回 JSON 数据。Next 地址白名单配置见上方配置文件详解。!!! /auth/social/{platform} !!! 请求必须携带 next 参数用于第三方回调后的跳转。

在每一次请求跳转后，你可以使用 Context.current().session(JAP_LAST_RESPONSE_KEY);，获取该请求中上一个产生的 JapResponse。

Just Auth Plus
POST /auth/login
GET/POST /auth/social/{platform}
GET /account/current
GET /auth/mfa/generate
POST /auth/mfa/verify
Just Auth Plus Identity Server
GET 服务发现：/.well-known/openid-configuration
GET 解密公钥：/.well-known/jwks.json
GET 获取授权：/oauth/authorize 跳转页面（登录页面或者回调页面）
POST 同意授权：/oauth/authorize 同意授权（在确认授权之后）
GET 自动授权：/oauth/authorize/auto 自动授权（不会显示确认授权页面）
GET 确认授权：/oauth/confirm 登录完成后的确认授权页面
GET/POST 获取/刷新Token：/oauth/token
GET/POST 收回Token：/oauth/revoke_token
GET/POST 用户详情：/oauth/userinfo
GET check session：/oauth/check_session
GET 授权异常：/oauth/error
GET 登录：/oauth/login 跳转到登录页面
POST 登录：/oauth/login 执行登录表单
GET 退出登录：/oauth/logout

撒花~

最后修改：2022 年 03 月 25 日

如果觉得我的文章对你有用，请随意赞赏

发表评论取消回复
使用cookie技术保留您的个人信息以便您下次快速评论，继续评论表示您已同意该条款

评论 *

私密评论

名称 *

🎲

邮箱 *

地址

Jap for Solon - 官方食用指南

sxsx欧克 • 2022 年 02 月 22 日

<h2>概述</h2><p>将 Just Auth Plus 以及 Just Auth Plus Identity Server 适配进 Solon，弥补了 Solon 缺少完整的认证体系的问题，为所有使用 Solon 进行快速开发的你们提供了更加方便的工具。</p><p><div class="tip inlineBlock warning">

Just Auth Plus 方面目前只完成了 Simple、Socail 以及 Mfa 部分，如果你对 OICD、LADP、HTTP API 的适配有需求，请添加 QQ 群 <code>22200020</code>，大鸽子浅念子会光速适配。
</div></p><h2>开始食用</h2><p>你需要引入我们已经适配好的依赖来引入整个体系，当然如果你只使用其中一个也可以只引用其中一个：</p><pre><code>&lt;dependency&gt;
    &lt;groupId&gt;org.noear&lt;/groupId&gt;
    &lt;artifactId&gt;jap-solon-plugin&lt;/artifactId&gt;
 &lt;/dependency&gt;
&lt;dependency&gt;
     &lt;groupId&gt;org.noear&lt;/groupId&gt;
     &lt;artifactId&gt;jap-ids-solon-plugin&lt;/artifactId&gt; 
&lt;/dependency&gt;</code></pre><p>Maven Reload!</p><p>借这个机会我们来趁机配置一下这两个组件（在你的 app.yml 中）：</p><pre><code>jap:
  # Auth 控制器注册根路径
  authPath: /auth
  # Account 控制器注册根路径
  accountPath: /account
  # 生成 Mfa QRCode 时 Issuer
  issuer: SakuraImpression
  # JapConfig 映射
  japConfig:
    # 是否启用单点登录
    sso: true
    # SSOConfig 映射
    ssoConfig:
      # 指定了 Cookie 使用的域名
      cookieDomain: 127.0.0.1:6040
  # SimpleConfig 映射
  # !!! 指定该项启动 Simple !!!
  simpleConfig:
    # 指定了 remberMe 加密的 盐
    credentialEncryptSalt: a1f735ed0cffd6f5ea80f8ee7ba68d02
  # 社会化登录第三方整数列表
  # 其中的每一项均为 AuthConfig 映射
  # !!! 指定该项启动 Social !!!
  credentials:
    gitee:
      clientId: b002b405304bd0b384029e8b04017349026bcca5cfe73cc6f5ca047cc4fe9241
      clientSecret: 7942f86793e5fc1b73f8e3b2f2ee1925b0c9e923b0819a32097048bbeb15b5
      redirectUri: http://127.0.0.1:6040/auth/social/gitee
    github:
      clientId: c394492091a984o659bc
      clientSecret: 60c82d553f1b0dac17f2164eabc4ac63ffc831ca
      redirectUri: http://127.0.0.1:6040/auth/social/github/callback
  # 下一跳地址白名单，验证成功或失败后的跳转地址
  # 更是确定是否为前后端分离的重要请求参数
  nexts:
    - https://passport.liusuyun.com/
    - /auth/social/bind
    - http://127.0.0.1:8000/auth/social#data={data}&amp;code={code}
  # Just Auth Plus Identity Server 配置
  ids:
    # 全部控制器注册的根路径，默认为 /oauth
    basePath: /auth/o
    # IdsConfig 映射
    config:
      # 服务根路径，用于 服务发现
      issuer: http://127.0.0.1:6040
      # Jwt 密钥配置
      jwtConfig:
        jwksKeyId: jap-jwk-keyid
        jwksJson: |-
          {
            &quot;keys&quot;: [
              {
                &quot;p&quot;: &quot;v5G0QPkr9zi1znff2g7p5K1ac1F2KNjXmk31Etl0UrRBwHiTxM_MkkldGlxnXWoFL4_cPZZMt_W14Td5qApknLFOh9iRWRPwqlFgC-eQzUjPeYvxjRbtV5QUHtbzrDCLjLiSNyhsLXHyi_yOawD2BS4U6sBWMSJlL2lShU7EAaU&quot;,
                &quot;kty&quot;: &quot;RSA&quot;,
                &quot;q&quot;: &quot;s2X9UeuEWky_io9hFAoHZjBxMBheNAGrHXtWat6zlg2tf_SIKpZ7Xs8C_-kr9Pvj-D428QsOjFZE-EtNBSXoMrvlMk7fGDl9x1dHvLS9GSitkXH2-Wthg8j0j0nfAmyEt94jP-XEkYic1Ok7EfBOPuvL21HO7YuB-cOff9ZGvBk&quot;,
                &quot;d&quot;: &quot;Rj-QBeBdx85VIHkwVY1T94ZeeC_Z6Zw-cz5lk5Msw0U9QhSTWo28-d2lYjK7dhQn-E19JhTbCVE11UuUqENKZmO__yRgO1UJaj2x6vWMtgJptah7m8lI-QW0w6TnVxAHWfRPpKSEfbN4SpeufYf5PYhmmzT0A954Z2o0kqS4iHd0gwNAovOXaxriGXO1CcOQjBFEcm0BdboQZ7CKCoJ1D6S0xZpVFSJg-1AtagY5dzStyekzETO2tQSmVw4ogIoJsIbu3aYwbukmCoULQfJ36D0mPzrTG5oocEbbuCps_vH72VjZORHHAl4hwritFT_jD2bdQHSNMGukga8C0L1WQQ&quot;,
                &quot;e&quot;: &quot;AQAB&quot;,
                &quot;use&quot;: &quot;sig&quot;,
                &quot;kid&quot;: &quot;jap-jwk-keyid&quot;,
                &quot;qi&quot;: &quot;Asr5dZMDvwgquE6uFnDaBC76PY5JUzxQ5wY5oc4nhIm8UxQWwYZTWq-HOWkMB5c99fG1QxLWQKGtsguXfOXoNgnI--yHzLZcXf1XAd0siguaF1cgQIqwRUf4byofE6uJ-2ZON_ezn6Uvly8fDIlgwmKAiiwWvHI4iLqvqOReBgs&quot;,
                &quot;dp&quot;: &quot;oIUzuFnR6FcBqJ8z2KE0haRorUZuLy38A1UdbQz_dqmKiv--OmUw8sc8l3EkP9ctvzvZfVWqtV7TZ4M3koIa6l18A0KKEE0wFVcYlwETiaBgEWYdIm86s27mKS1Og1MuK90gz800UCQx6_DVWX41qAOEDWzbDFLY3JBxUDi-7u0&quot;,
                &quot;alg&quot;: &quot;RS256&quot;,
                &quot;dq&quot;: &quot;MpNSM0IecgapCTsatzeMlnaZsmFsTWUbBJi86CwYnPkGLMiXisoZxcS-p77osYxB3L5NZu8jDtVTZFx2PjlNmN_34ZLyujWbDBPDGaQqm2koZZSnd_GZ8Dk7GRpOULSfRebOMTlpjU3iSPPnv0rsBDkdo5sQp09pOSy5TqTuFCE&quot;,
                &quot;n&quot;: &quot;hj8zFdhYFi-47PO4B4HTRuOLPR_rpZJi66g4JoY4gyhb5v3Q57etSU9BnW9QQNoUMDvhCFSwkz0hgY5HqVj0zOG5s9x2a594UDIinKsm434b-pT6bueYdvM_mIUEKka5pqhy90wTTka42GvM-rBATHPTarq0kPTR1iBtYao8zX-RWmCbdumEWOkMFUGbBkUcOSJWzoLzN161WdYr2kJU5PFraUP3hG9fPpMEtvqd6IwEL-MOVx3nqc7zk3D91E6eU7EaOy8nz8echQLl6Ps34BSwEpgOhaHDD6IJzetW-KorYeC0r0okXhrl0sUVE2c71vKPVVtueJSIH6OwA3dVHQ&quot;
              }
            ]
          }</code></pre><p><div class="tip inlineBlock success">

文中所指的映射是指该条目中的配置项会使用 <code>Snack3</code> 通过反射的方式，注入生成相关 Bean 实例，所以该类下的所有字段你都可以自由配置。
</div></p><hr><h2>相关服务实现与注入</h2><p><div class="tip inlineBlock info">

以下服务的实现仅供参考，请根据具体业务逻辑来调整。
</div></p><p><div class="tab-container post_tab box-shadow-wrap-lg">
<ul class="nav no-padder b-b scroll-hide" role="tablist">
<li class='nav-item active' role="presentation"><a class='nav-link active' style="" data-toggle="tab" 
aria-controls='tabs-c04cd39e4695284f25cd8b8192187fda110' role="tab" data-target='#tabs-c04cd39e4695284f25cd8b8192187fda110'>JapService</a></li><li class='nav-item ' role="presentation"><a class='nav-link ' style="" data-toggle="tab" 
aria-controls='tabs-0011afa5be712ef9c15ced9b9c46541811' role="tab" data-target='#tabs-0011afa5be712ef9c15ced9b9c46541811'>IdsClientDetailService</a></li><li class='nav-item ' role="presentation"><a class='nav-link ' style="" data-toggle="tab" 
aria-controls='tabs-ce025c4319e63a91f140f1b30e235863302' role="tab" data-target='#tabs-ce025c4319e63a91f140f1b30e235863302'>IdsIdentityServiceImpl</a></li><li class='nav-item ' role="presentation"><a class='nav-link ' style="" data-toggle="tab" 
aria-controls='tabs-af1995dcbc37fcd0119ce95bb8906243273' role="tab" data-target='#tabs-af1995dcbc37fcd0119ce95bb8906243273'>IdsUserServiceImpl</a></li><li class='nav-item ' role="presentation"><a class='nav-link ' style="" data-toggle="tab" 
aria-controls='tabs-22c4f8467d6f7445b2c8b2d863de3b5e54' role="tab" data-target='#tabs-22c4f8467d6f7445b2c8b2d863de3b5e54'>JapMfaService</a></li><li class='nav-item ' role="presentation"><a class='nav-link ' style="" data-toggle="tab" 
aria-controls='tabs-77248e244fc484ac432664f44552d7e3675' role="tab" data-target='#tabs-77248e244fc484ac432664f44552d7e3675'>JapUserService</a></li>
</ul>
<div class="tab-content no-border">
<div role="tabpanel" id='tabs-c04cd39e4695284f25cd8b8192187fda110' class="tab-pane fade active in">
            </p><p><div class="tip inlineBlock success">

我们推荐封装一个公共 Service 用于用户查询，因为会反复使用相同代码。
</div></p><pre><code>package com.liusuyun.flowersay.gateway.services;

import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.liusuyun.flowersay.common.entities.models.User;
import com.liusuyun.flowersay.common.mappers.UserMapper;
import com.liusuyun.flowersay.common.utils.AbstractUtils;
import org.apache.ibatis.ext.solon.Db;

/**
 * @author 颖
 */
public abstract class JapService extends AbstractUtils {

@Db
    UserMapper userMapper;

protected User findUser(String username) {
        QueryWrapper&lt;User&gt; queryWrapper = new QueryWrapper&lt;&gt;();
        queryWrapper.eq(&quot;username&quot;, username)
                .or().eq(&quot;email&quot;, username);

return this.userMapper.selectOne(queryWrapper);
    }

protected User findUser(Long id) {
        return this.userMapper.selectById(id);
    }

}</code></pre><p></div><div role="tabpanel" id='tabs-0011afa5be712ef9c15ced9b9c46541811' class="tab-pane fade  ">
            </p><pre><code>package com.liusuyun.flowersay.gateway.services;

import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.fujieid.jap.ids.model.ClientDetail;
import com.fujieid.jap.ids.model.enums.GrantType;
import com.fujieid.jap.ids.model.enums.ResponseType;
import com.fujieid.jap.ids.service.IdsClientDetailService;
import com.liusuyun.flowersay.gateway.entities.OAuthClient;
import com.liusuyun.flowersay.gateway.mappers.OAuthClientMapper;
import org.apache.ibatis.ext.solon.Db;
import org.noear.solon.annotation.Component;
import org.noear.solon.annotation.Inject;

import java.util.List;
import java.util.stream.Collectors;

/**
 * @author 颖
 * @version 1.0.0
 * @date 2021-04-14 10:27
 * @since 1.0.0
 */
public class IdsClientDetailServiceImpl implements IdsClientDetailService {

@Db
    OAuthClientMapper oAuthClientMapper;

/**
     * 通过 client_id 查询客户端信息
     *
     * @param clientId 客户端应用id
     * @return AppOauthClientDetails
     */
    @Override
    public ClientDetail getByClientId(String clientId) {
        QueryWrapper&lt;OAuthClient&gt; queryWrapper = new QueryWrapper&lt;&gt;();
        queryWrapper.eq(&quot;client_id&quot;, clientId);

return this.convert(
                this.oAuthClientMapper.selectOne(queryWrapper)
        );
    }

/**
     * Add client
     *
     * @param clientDetail Client application details
     * @return ClientDetail
     */
    @Override
    public ClientDetail add(ClientDetail clientDetail) {
        return IdsClientDetailService.super.add(clientDetail);
    }

/**
     * Modify the client
     *
     * @param clientDetail Client application details
     * @return ClientDetail
     */
    @Override
    public ClientDetail update(ClientDetail clientDetail) {
        return IdsClientDetailService.super.update(clientDetail);
    }

/**
     * Delete client by primary key
     *
     * @param id Primary key of the client application
     * @return boolean
     */
    @Override
    public boolean removeById(String id) {
        this.oAuthClientMapper.deleteById(Long.parseLong(id));
        return true;
    }

/**
     * Delete client by client id
     *
     * @param clientId Client application id
     * @return ClientDetail
     */
    @Override
    public boolean removeByClientId(String clientId) {
        QueryWrapper&lt;OAuthClient&gt; queryWrapper = new QueryWrapper&lt;&gt;();
        queryWrapper.eq(&quot;client_id&quot;, clientId);

this.oAuthClientMapper.delete(queryWrapper);
        return true;
    }

/**
     * 获取所有 client detail
     *
     * @return List
     */
    @Override
    public List&lt;ClientDetail&gt; getAllClientDetail() {
        return this.oAuthClientMapper.selectList(new QueryWrapper&lt;&gt;())
                .stream()
                .map(this::convert)
                .collect(Collectors.toList());
    }

private ClientDetail convert(OAuthClient client) {
        if(client == null) {
            return null;
        }
        return new ClientDetail()
                .setId(String.valueOf(client.getId()))
                .setAppName(client.getName())
                .setClientId(client.getClientId())
                .setClientSecret(client.getClientSecret())
                .setSiteDomain(client.getSiteDomain())
                .setRedirectUri(client.getRedirectUri())
                .setLogoutRedirectUri(client.getLogoutUri())
                .setLogo(client.getLogo())
                .setAvailable(client.isAvailable())
                .setDescription(client.getDescription())
                .setScopes(client.getScopes())
                .setGrantTypes(GrantType.values()[client.getGrantTypes()].getType())
                .setResponseTypes(ResponseType.values()[client.getResponseTypes()].getType())
                .setCodeExpiresIn(client.getCodeExpiresIn())
                .setIdTokenExpiresIn(client.getIdTokenExpiresIn())
                .setAccessTokenExpiresIn(client.getAccessTokenExpiresIn())
                .setRefreshTokenExpiresIn(client.getRefreshTokenExpiresIn())
                .setAutoApprove(client.getAutoApprove())
                .setEnablePkce(client.getEnablePkce())
                .setCodeChallengeMethod(client.getCodeChallengeMethod());
    }

}</code></pre><p></div><div role="tabpanel" id='tabs-ce025c4319e63a91f140f1b30e235863302' class="tab-pane fade  ">
            </p><pre><code>package com.liusuyun.flowersay.gateway.services;

import com.fujieid.jap.ids.config.JwtConfig;
import com.fujieid.jap.ids.service.IdsIdentityService;
import org.noear.solon.annotation.Component;

/**
 * @author 颖
 * @version 1.0.0
 * @date 2021-04-16 16:32
 * @since 1.0.0
 */
public class IdsIdentityServiceImpl implements IdsIdentityService {

/**
     * Get the jwt token encryption key string
     *
     * @param identity User/organization/enterprise identification
     * @return Encryption key string in json format
     */
    @Override
    public String getJwksJson(String identity) {
        return IdsIdentityService.super.getJwksJson(identity);
    }

/**
     * Get the configuration of jwt token encryption
     *
     * @param identity User/organization/enterprise identification
     * @return Encryption key string in json format
     */
    @Override
    public JwtConfig getJwtConfig(String identity) {
        return IdsIdentityService.super.getJwtConfig(identity);
    }

}</code></pre><p></div><div role="tabpanel" id='tabs-af1995dcbc37fcd0119ce95bb8906243273' class="tab-pane fade  ">
            </p><pre><code>package com.liusuyun.flowersay.gateway.services;

import com.fujieid.jap.ids.model.UserInfo;
import com.fujieid.jap.ids.service.IdsUserService;
import com.liusuyun.flowersay.common.entities.models.User;
import org.noear.solon.annotation.Component;

/**
 * @author 颖
 * @version 1.0.0
 * @date 2021-04-14 10:27
 * @since 1.0.0
 */
public class IdsUserServiceImpl extends JapService implements IdsUserService {

/**
     * Login with account and password
     *
     * @param username account number
     * @param password password
     * @return UserInfo
     */
    @Override
    public UserInfo loginByUsernameAndPassword(String username, String password, String clientId) {
        User user = this.findUser(username);
        if (user != null) {
            if (user.authenticate(password)) {
                return this.convert(user);
            }
        }
        return null;
    }

/**
     * Get user info by userid.
     *
     * @param userId userId of the business system
     * @return UserInfo
     */
    @Override
    public UserInfo getById(String userId) {
        return this.convert(
                this.findUser(Long.parseLong(userId))
        );
    }

/**
     * Get user info by username.
     *
     * @param username username of the business system
     * @return UserInfo
     */
    @Override
    public UserInfo getByName(String username, String clientId) {
        return this.convert(
                this.findUser(username)
        );
    }

private UserInfo convert(User user) {
        if (user == null) {
            return null;
        }
        return new UserInfo()
                .setId(String.valueOf(user.getId()))
                .setUsername(user.getUsername())
                .setEmail(user.getEmail());
    }

}</code></pre><p></div><div role="tabpanel" id='tabs-22c4f8467d6f7445b2c8b2d863de3b5e54' class="tab-pane fade  ">
            </p><pre><code>package com.liusuyun.flowersay.gateway.services;

import com.fujieid.jap.sso.JapMfaService;
import com.liusuyun.flowersay.common.entities.models.User;

import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/**
 * @author 颖
 */
public class JapMfaServiceImpl extends JapService implements JapMfaService {

/**
     * 根据帐号查询 secretKey
     *
     * @param userName 申请 secretKey 的用户
     * @return secretKey
     */
    @Override
    public String getSecretKey(String userName) {
        User user = this.findUser(userName);
        return user == null ? null : user.getSecret();
    }

/**
     * 将 secretKey 关联 userName 后进行保存，可以存入数据库也可以存入其他缓存媒介中
     *
     * @param userName       用户名
     * @param secretKey      申请到的 secretKey
     * @param validationCode 当前计算出的 TOTP 验证码
     * @param scratchCodes   scratch 码
     */
    @Override
    public void saveUserCredentials(String userName, String secretKey, int validationCode, List&lt;Integer&gt; scratchCodes) {
        User user = this.findUser(userName);
        if(user == null) {
            throw new IllegalArgumentException();
        }

user.setSecret(secretKey);
        this.userMapper.updateById(user);
    }

}</code></pre><p></div><div role="tabpanel" id='tabs-77248e244fc484ac432664f44552d7e3675' class="tab-pane fade  ">
            </p><p><div class="tip inlineBlock success">

我们重写了 SocialStrategy 实现了登录用户也可以绑定社交账号的能力。
</div><br><div class="tip inlineBlock warning">

感谢 @738628035 的提醒，对 WeChat 系列产品进行统一处理，使用 unionId 代替默认的 openId，<del>来减少 微信公众号 和 微信 分家的的隐患（雾</del>
</div></p><pre><code>package com.liusuyun.flowersay.gateway.services;

import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.fujieid.jap.core.JapUser;
import com.fujieid.jap.core.JapUserService;
import com.liusuyun.flowersay.common.entities.models.User;
import com.liusuyun.flowersay.common.entities.models.UserBinding;
import com.liusuyun.flowersay.common.mappers.UserBindingMapper;
import me.zhyd.oauth.config.AuthDefaultSource;
import me.zhyd.oauth.model.AuthUser;
import org.apache.ibatis.ext.solon.Db;
import org.mindrot.jbcrypt.BCrypt;
import org.noear.solon.annotation.Component;
import org.noear.solon.core.handle.Context;

import java.util.Locale;

/**
 * @author 颖
 */
public class JapUserServiceImpl extends JapService implements JapUserService {

@Db
    UserBindingMapper userBindingMapper;
    public static String WE_CHAT_SOURCE_PREFIX = &quot;WECHAT&quot;;

@Override
    public JapUser getById(String userId) {
        return this.convert(
                this.findUser(Long.parseLong(userId))
        );
    }

@Override
    public JapUser getByName(String username) {
        return this.convert(
                this.findUser(username)
        );
    }

@Override
    public boolean validPassword(String password, JapUser user) {
        boolean success = BCrypt.checkpw(password, user.getPassword());

if (success) {
            // 删除敏感数据
            user.setPassword(null);
        }

return success;
    }

/**
     * 根据第三方平台标识（platform）和第三方平台的用户 uid 查询数据库
     *
     * @param platform 第三方平台标识
     * @param uid      第三方平台的用户 uid
     * @return JapUser
     */
    @Override
    public JapUser getByPlatformAndUid(String platform, String uid) {
        QueryWrapper&lt;UserBinding&gt; queryWrapper = new QueryWrapper&lt;&gt;();
        queryWrapper.eq(&quot;platform&quot;, AuthDefaultSource.valueOf(platform.toUpperCase(Locale.ROOT)).ordinal());
        queryWrapper.eq(&quot;open_id&quot;, uid);

UserBinding userBinding = this.userBindingMapper.selectOne(queryWrapper);
        if (userBinding == null) {
            return null;
        }

return this.convert(
                this.findUser(userBinding.getUserId())
        );
    }

/**
     * 创建并获取第三方用户，相当于第三方登录成功后，将授权关系保存到数据库（开发者业务系统中 social user -&gt; sys user 的绑定关系）
     *
     * @param userInfo JustAuth 中的 AuthUser
     * @return JapUser
     */
    @Override
    public JapUser createAndGetSocialUser(Object userInfo) {
        AuthUser authUser = (AuthUser) userInfo;
        // 对 WeChat 系列产品的用户进行特殊处理
        if(authUser.getSource().toUpperCase(Locale.ROOT).startsWith(JapUserServiceImpl.WE_CHAT_SOURCE_PREFIX)) {
            String unionId = authUser.getRawUserInfo().getString(&quot;unionId&quot;);
            if(unionId != null) {
                authUser.setUuid(unionId);
            }
        }
        // 查询绑定关系，确定当前用户是否已经登录过业务系统
        JapUser user = this.getByPlatformAndUid(authUser.getSource(), authUser.getUuid());
        if (user == null) {
            // 判断用户是否登录
            user = (JapUser) Context.current().session(&quot;_jap:session:user&quot;);
            if (user == null) {
                return null;
            }
            user.setAdditional(authUser);
            // 添加用户
            this.userBindingMapper.insert(UserBinding.builder()
                    .userId(Long.valueOf(user.getUserId()))
                    .platform(AuthDefaultSource.valueOf(authUser.getSource().toUpperCase(Locale.ROOT)).ordinal())
                    .openId(authUser.getUuid())
                    .metadata(authUser.getRawUserInfo())
                    .build()
                    .buildDate());
        }
        return user;
    }

private JapUser convert(User user) {
        if (user == null) {
            return null;
        }
        return new JapUser()
                .setUserId(String.valueOf(user.getId()))
                .setUsername(user.getUsername())
                .setPassword(user.getPassword())
                .setAdditional(user);
    }

}</code></pre><p></div>
</div>
</div></p><p>其中涉及的的模型以及数据表如下：</p><p><div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-300cf0aec8adac224d46d15fe3ced6d715" aria-expanded="true"><div class="accordion-toggle"><span style="">Something~</span>
<i class="pull-right fontello icon-fw fontello-angle-right"></i>
</div>
</div>
<div class="panel-body collapse-panel-body">
<div id="collapse-300cf0aec8adac224d46d15fe3ced6d715" class="collapse collapse-content"><p></p></p><p><div class="tab-container post_tab box-shadow-wrap-lg">
<ul class="nav no-padder b-b scroll-hide" role="tablist">
<li class='nav-item active' role="presentation"><a class='nav-link active' style="" data-toggle="tab" 
aria-controls='tabs-dd5fa23bdddb3344bdf68ed2ae2397f6330' role="tab" data-target='#tabs-dd5fa23bdddb3344bdf68ed2ae2397f6330'>OAuthClient</a></li><li class='nav-item ' role="presentation"><a class='nav-link ' style="" data-toggle="tab" 
aria-controls='tabs-a9fb304b5a3ed0c7643d607e69b931dd531' role="tab" data-target='#tabs-a9fb304b5a3ed0c7643d607e69b931dd531'>oauth_clients</a></li><li class='nav-item ' role="presentation"><a class='nav-link ' style="" data-toggle="tab" 
aria-controls='tabs-6c2f2889ec26d32138534fce55e1f037412' role="tab" data-target='#tabs-6c2f2889ec26d32138534fce55e1f037412'>User</a></li><li class='nav-item ' role="presentation"><a class='nav-link ' style="" data-toggle="tab" 
aria-controls='tabs-becaf12da3f1aebcee721b7403d55446753' role="tab" data-target='#tabs-becaf12da3f1aebcee721b7403d55446753'>users</a></li><li class='nav-item ' role="presentation"><a class='nav-link ' style="" data-toggle="tab" 
aria-controls='tabs-ebcb7a79a85ff49c48288b14c2409a4e614' role="tab" data-target='#tabs-ebcb7a79a85ff49c48288b14c2409a4e614'>UserBinding</a></li><li class='nav-item ' role="presentation"><a class='nav-link ' style="" data-toggle="tab" 
aria-controls='tabs-76c83b52eeaedd16cc8e5a5436166b24805' role="tab" data-target='#tabs-76c83b52eeaedd16cc8e5a5436166b24805'>user_bindings</a></li>
</ul>
<div class="tab-content no-border">
<div role="tabpanel" id='tabs-dd5fa23bdddb3344bdf68ed2ae2397f6330' class="tab-pane fade active in">
            </p><pre><code>package com.liusuyun.flowersay.gateway.entities;

import com.baomidou.mybatisplus.annotation.IdType;
import com.baomidou.mybatisplus.annotation.TableId;
import com.baomidou.mybatisplus.annotation.TableName;
import com.liusuyun.flowersay.common.entities.models.Model;
import lombok.*;

/**
 * @author 颖
 */
@Data
@Builder
@NoArgsConstructor
@AllArgsConstructor
@TableName(value = &quot;oauth_clients&quot;)
@EqualsAndHashCode(callSuper = true)
public class OAuthClient extends Model {

@TableId(type = IdType.AUTO)
    private Long id;
    private Long userId;
    private String name;
    private String clientId;
    private String clientSecret;
    private String siteDomain;
    private String redirectUri;
    private String logoutUri;
    private String logo;
    private boolean available;
    private String description;
    private String scopes;
    private int grantTypes;
    private int responseTypes;
    private Long codeExpiresIn;
    private Long idTokenExpiresIn;
    private Long accessTokenExpiresIn;
    private Long refreshTokenExpiresIn;
    private Boolean autoApprove;
    private Boolean enablePkce;
    private String codeChallengeMethod;

}</code></pre><p></div><div role="tabpanel" id='tabs-a9fb304b5a3ed0c7643d607e69b931dd531' class="tab-pane fade  ">
            </p><pre><code>/*
 Navicat Premium Data Transfer

Source Server         : FlowerSay
 Source Server Type    : MySQL
 Source Server Version : 80028
 Source Host           : localhost:3306
 Source Schema         : flowersay

Target Server Type    : MySQL
 Target Server Version : 80028
 File Encoding         : 65001

Date: 23/02/2022 18:47:41
*/

SET NAMES utf8mb4;
SET FOREIGN_KEY_CHECKS = 0;

-- ----------------------------
-- Table structure for oauth_clients
-- ----------------------------
DROP TABLE IF EXISTS `oauth_clients`;
CREATE TABLE `oauth_clients`  (
  `id` bigint UNSIGNED NOT NULL AUTO_INCREMENT,
  `user_id` bigint UNSIGNED NULL DEFAULT NULL,
  `name` varchar(255) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
  `client_id` varchar(100) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
  `client_secret` varchar(100) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
  `site_domain` text CHARACTER SET utf8 COLLATE utf8_unicode_ci NULL,
  `redirect_uri` text CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
  `logout_uri` text CHARACTER SET utf8 COLLATE utf8_unicode_ci NULL,
  `available` tinyint(1) NULL DEFAULT NULL,
  `logo` text CHARACTER SET utf8 COLLATE utf8_unicode_ci NULL,
  `description` varchar(255) CHARACTER SET utf8 COLLATE utf8_unicode_ci NULL DEFAULT NULL,
  `scopes` varchar(255) CHARACTER SET utf8 COLLATE utf8_unicode_ci NULL DEFAULT NULL,
  `grant_types` tinyint(1) NOT NULL,
  `response_types` tinyint(1) NULL DEFAULT NULL,
  `code_expires_in` bigint NULL DEFAULT NULL,
  `id_token_expires_in` bigint NULL DEFAULT NULL,
  `access_token_expires_in` bigint NULL DEFAULT NULL,
  `refresh_token_expires_in` bigint NULL DEFAULT NULL,
  `auto_approve` tinyint(1) NULL DEFAULT NULL,
  `enable_pkce` tinyint(1) NULL DEFAULT NULL,
  `code_challenge_method` varchar(255) CHARACTER SET utf8 COLLATE utf8_unicode_ci NULL DEFAULT NULL,
  `created_at` timestamp NULL DEFAULT NULL,
  `updated_at` timestamp NULL DEFAULT NULL,
  PRIMARY KEY (`id`) USING BTREE,
  INDEX `oauth_clients_user_id_index`(`user_id`) USING BTREE
) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_unicode_ci ROW_FORMAT = DYNAMIC;

SET FOREIGN_KEY_CHECKS = 1;</code></pre><p></div><div role="tabpanel" id='tabs-6c2f2889ec26d32138534fce55e1f037412' class="tab-pane fade  ">
            </p><pre><code>package com.liusuyun.flowersay.common.entities.models;

import com.alibaba.fastjson.annotation.JSONField;
import com.baomidou.mybatisplus.annotation.IdType;
import com.baomidou.mybatisplus.annotation.TableField;
import com.baomidou.mybatisplus.annotation.TableId;
import com.baomidou.mybatisplus.annotation.TableName;
import com.liusuyun.flowersay.common.entities.Identity;
import com.liusuyun.flowersay.common.mappers.UserProfileMapper;
import lombok.*;
import org.mindrot.jbcrypt.BCrypt;
import org.noear.solon.validation.annotation.NotNull;

/**
 * @author 颖
 */
@Data
@Builder
@NoArgsConstructor
@AllArgsConstructor
@TableName(value = &quot;users&quot;)
@EqualsAndHashCode(callSuper = true)
public class User extends Model implements Identity {

@NotNull
    @TableId(type = IdType.AUTO)
    private Long id;
    private String uuid;
    private String email;
    private String username;
    @JSONField(serialize = false)
    private String password;
    @JSONField(serialize = false)
    private String secret;

public UserProfile profile() {
        return this.hasOne(UserProfileMapper.class, &quot;id&quot;, &quot;id&quot;);
    }

public User encrypt() {
        this.password = BCrypt.hashpw(this.password, BCrypt.gensalt());
        return this;
    }

public boolean authenticate(String password) {
        return BCrypt.checkpw(password, this.password);
    }

}</code></pre><p></div><div role="tabpanel" id='tabs-becaf12da3f1aebcee721b7403d55446753' class="tab-pane fade  ">
            </p><pre><code>/*
 Navicat Premium Data Transfer

Source Server         : FlowerSay
 Source Server Type    : MySQL
 Source Server Version : 80028
 Source Host           : localhost:3306
 Source Schema         : flowersay

Target Server Type    : MySQL
 Target Server Version : 80028
 File Encoding         : 65001

Date: 23/02/2022 18:48:50
*/

SET NAMES utf8mb4;
SET FOREIGN_KEY_CHECKS = 0;

-- ----------------------------
-- Table structure for users
-- ----------------------------
DROP TABLE IF EXISTS `users`;
CREATE TABLE `users`  (
  `id` bigint UNSIGNED NOT NULL AUTO_INCREMENT COMMENT 'UID',
  `uuid` varchar(32) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci NOT NULL COMMENT 'UUID',
  `email` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci NOT NULL COMMENT '邮箱',
  `username` varchar(30) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci NOT NULL COMMENT '用户名',
  `password` binary(60) NOT NULL COMMENT '密码',
  `secret` varchar(32) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci NULL DEFAULT NULL COMMENT 'Mfa Secret',
  `created_at` timestamp NOT NULL COMMENT '创建时间',
  `updated_at` timestamp NOT NULL ON UPDATE CURRENT_TIMESTAMP COMMENT '更新时间',
  PRIMARY KEY (`id`) USING BTREE,
  UNIQUE INDEX `unique`(`email`, `username`) USING BTREE,
  INDEX `id`(`id`) USING BTREE
) ENGINE = InnoDB CHARACTER SET = utf8mb4 COLLATE = utf8mb4_0900_ai_ci ROW_FORMAT = DYNAMIC;

SET FOREIGN_KEY_CHECKS = 1;</code></pre><p></div><div role="tabpanel" id='tabs-ebcb7a79a85ff49c48288b14c2409a4e614' class="tab-pane fade  ">
            </p><pre><code>package com.liusuyun.flowersay.common.entities.models;

import com.alibaba.fastjson.JSONObject;
import com.baomidou.mybatisplus.annotation.IdType;
import com.baomidou.mybatisplus.annotation.TableField;
import com.baomidou.mybatisplus.annotation.TableId;
import com.baomidou.mybatisplus.annotation.TableName;
import com.baomidou.mybatisplus.extension.handlers.FastjsonTypeHandler;
import lombok.*;

/**
 * @author 颖
 */
@Data
@Builder
@NoArgsConstructor
@AllArgsConstructor
@TableName(value = &quot;user_bindings&quot;)
@EqualsAndHashCode(callSuper = true)
public class UserBinding extends Model {

@TableId(type = IdType.AUTO)
    private Long id;
    private Long userId;
    private Integer platform;
    private String openId;
    @TableField(typeHandler = FastjsonTypeHandler.class)
    private JSONObject metadata;

}</code></pre><p></div><div role="tabpanel" id='tabs-76c83b52eeaedd16cc8e5a5436166b24805' class="tab-pane fade  ">
            </p><pre><code>/*
 Navicat Premium Data Transfer

Source Server         : FlowerSay
 Source Server Type    : MySQL
 Source Server Version : 80028
 Source Host           : localhost:3306
 Source Schema         : flowersay

Target Server Type    : MySQL
 Target Server Version : 80028
 File Encoding         : 65001

Date: 23/02/2022 18:48:50
*/

SET NAMES utf8mb4;
SET FOREIGN_KEY_CHECKS = 0;

-- ----------------------------
-- Table structure for user_bindings
-- ----------------------------
DROP TABLE IF EXISTS `user_bindings`;
CREATE TABLE `user_bindings`  (
  `id` bigint UNSIGNED NOT NULL AUTO_INCREMENT,
  `user_id` bigint UNSIGNED NOT NULL,
  `platform` tinyint NOT NULL,
  `open_id` varchar(64) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci NOT NULL,
  `metadata` json NOT NULL,
  `created_at` datetime NOT NULL,
  `updated_at` datetime NOT NULL ON UPDATE CURRENT_TIMESTAMP,
  PRIMARY KEY (`id`) USING BTREE,
  INDEX `user_bindings_ibfk_1`(`user_id`) USING BTREE,
  INDEX `platform`(`platform`) USING BTREE,
  INDEX `open_id`(`open_id`) USING BTREE,
  CONSTRAINT `user_bindings_ibfk_1` FOREIGN KEY (`user_id`) REFERENCES `users` (`id`) ON DELETE RESTRICT ON UPDATE RESTRICT
) ENGINE = InnoDB CHARACTER SET = utf8mb4 COLLATE = utf8mb4_0900_ai_ci ROW_FORMAT = Dynamic;</code></pre><p></div>
</div>
</div></p><p><p></p></div></div></div></p><p>在上述服务实现后，你还需要通过 Solon 的 Aop 将实现注入进去：</p><p><div class="tip inlineBlock error">

Just Auth Plus 本身具使用 ServiceLoader 加载数据的能力，但是由于 Solon 的类加载机制在某些情况下可能不能实现加载，所以建议使用一定会成功的 Aop 注入方式。
</div><br><div class="tip inlineBlock warning">

由于 JapMfaService 注入名称为 JapMfaService，所以不能直接将 JapMfaServcieImpl 当做名称注入进去。
</div></p><pre><code>package com.liusuyun.flowersay.gateway.configurations;

import com.fujieid.jap.ids.context.IdsContext;
import com.fujieid.jap.ids.solon.IdsCacheImpl;
import com.fujieid.jap.sso.JapMfaService;
import com.liusuyun.flowersay.gateway.services.IdsClientDetailServiceImpl;
import com.liusuyun.flowersay.gateway.services.IdsIdentityServiceImpl;
import com.liusuyun.flowersay.gateway.services.IdsUserServiceImpl;
import com.liusuyun.flowersay.gateway.services.JapMfaServiceImpl;
import org.noear.solon.annotation.Bean;
import org.noear.solon.annotation.Configuration;
import org.noear.solon.annotation.Inject;
import org.noear.solon.core.Aop;
import org.noear.solon.core.BeanWrap;

/**
 * @author 颖
 */
@Configuration
public class JapConfig {

@Bean
    public void ids(@Inject IdsContext context) {
        context.setCache(Aop.getOrNew(IdsCacheImpl.class));
        context.setClientDetailService(Aop.getOrNew(IdsClientDetailServiceImpl.class));
        context.setIdentityService(Aop.getOrNew(IdsIdentityServiceImpl.class));
        context.setUserService(Aop.getOrNew(IdsUserServiceImpl.class));
    }
    
    @Bean 
    public void core() {
        JapMfaServiceImpl japMfaService = Aop.getOrNew(JapMfaServiceImpl.class);
        Aop.wrapAndPut(JapMfaService.class, japMfaService);
    }

}</code></pre><hr><h2>内置 Controller 概览</h2><p><div class="tip inlineBlock warning">

在每一次请求跳转后，你可以使用 <code>Context.current().session(JAP_LAST_RESPONSE_KEY);</code>，获取该请求中上一个产生的 JapResponse。
</div></p><ul><li><em>Just Auth Plus</em></li><li><span class="label bg-warning">POST</span> /auth/login</li><li><span class="label bg-success">GET</span>/<span class="label bg-warning">POST</span> /auth/social/{platform}</li><li><span class="label bg-success">GET</span> /account/current</li><li><span class="label bg-success">GET</span> /auth/mfa/generate</li><li><span class="label bg-warning">POST</span> /auth/mfa/verify</li><li><em>Just Auth Plus Identity Server</em></li><li><span class="label bg-success">GET</span> 服务发现：/.well-known/openid-configuration</li><li><span class="label bg-success">GET</span> 解密公钥：/.well-known/jwks.json</li><li><span class="label bg-success">GET</span> 获取授权：/oauth/authorize <span class="label bg-success"> 跳转页面（登录页面或者回调页面）</span></li><li><span class="label bg-warning">POST</span> 同意授权：/oauth/authorize <span class="label bg-success"> 同意授权（在确认授权之后）</span></li><li><span class="label bg-success">GET</span> 自动授权：/oauth/authorize/auto <span class="label bg-success"> 自动授权（不会显示确认授权页面）</span></li><li><span class="label bg-success">GET</span> 确认授权：/oauth/confirm <span class="label bg-success">登录完成后的确认授权页面</span></li><li><span class="label bg-success">GET</span>/<span class="label bg-warning">POST</span> 获取/刷新Token：/oauth/token</li><li><span class="label bg-success">GET</span>/<span class="label bg-warning">POST</span> 收回Token：/oauth/revoke_token</li><li><span class="label bg-success">GET</span>/<span class="label bg-warning">POST</span> 用户详情：/oauth/userinfo</li><li><span class="label bg-success">GET</span> check session：/oauth/check_session</li><li><span class="label bg-success">GET</span> 授权异常：/oauth/error</li><li><span class="label bg-success">GET</span> 登录：/oauth/login <span class="label bg-success">跳转到登录页面</span></li><li><span class="label bg-warning">POST</span> 登录：/oauth/login <span class="label bg-success">执行登录表单</span></li><li><span class="label bg-success">GET</span> 退出登录：/oauth/logout</li></ul><hr><p>撒花~</p>

Jap for Solon - 官方食用指南

概述

开始食用

相关服务实现与注入

内置 Controller 概览

发表评论取消回复
使用cookie技术保留您的个人信息以便您下次快速评论，继续评论表示您已同意该条款

Kubernetes 管理小技巧 - 一键清理集群所有无用资源

我回来啦！

云计算平台的搭建 - 以 Kolla&Ansible 作为核心

从零开始的云计算生活(雾)

欢迎使用 Typecho

一大堆 Node.js 项目？不怕，我有用 Python 写的符号连接制造器！

如何使用 Caddy 保护你的私有服务

使用 Golang 深度合并 Map

OpenStack 集群升级 | 从 Yoga 到 2023.2

此内容被密码保护

Jap for Solon - 官方食用指南

概述

开始食用

相关服务实现与注入

内置 Controller 概览

发表评论 取消回复 使用cookie技术保留您的个人信息以便您下次快速评论，继续评论表示您已同意该条款

Jap for Solon - 官方食用指南

发表评论取消回复
使用cookie技术保留您的个人信息以便您下次快速评论，继续评论表示您已同意该条款