package com.iailab.module.pms.util.oauth2; import cn.hutool.core.collection.CollUtil; import cn.hutool.core.date.LocalDateTimeUtil; import cn.hutool.core.util.StrUtil; import com.iailab.framework.common.util.http.HttpUtils; import com.iailab.framework.security.core.util.SecurityFrameworkUtils; import java.time.LocalDateTime; import java.time.temporal.ChronoUnit; import java.util.*; /** * OAuth2 相关的工具类 * * @author iailab */ public class OAuth2Utils { /** * 构建授权码模式下,重定向的 URI * * copy from Spring Security OAuth2 的 AuthorizationEndpoint 类的 getSuccessfulRedirect 方法 * * @param redirectUri 重定向 URI * @param authorizationCode 授权码 * @param state 状态 * @return 授权码模式下的重定向 URI */ public static String buildAuthorizationCodeRedirectUri(String redirectUri, String authorizationCode, String state) { Map query = new LinkedHashMap<>(); query.put("code", authorizationCode); if (state != null) { query.put("state", state); } return HttpUtils.append(redirectUri, query, null, false); } /** * 构建简化模式下,重定向的 URI * * copy from Spring Security OAuth2 的 AuthorizationEndpoint 类的 appendAccessToken 方法 * * @param redirectUri 重定向 URI * @param accessToken 访问令牌 * @param state 状态 * @param expireTime 过期时间 * @param scopes 授权范围 * @param additionalInformation 附加信息 * @return 简化授权模式下的重定向 URI */ public static String buildImplicitRedirectUri(String redirectUri, String accessToken, String state, LocalDateTime expireTime, Collection scopes, Map additionalInformation) { Map vars = new LinkedHashMap(); Map keys = new HashMap(); vars.put("access_token", accessToken); vars.put("token_type", SecurityFrameworkUtils.AUTHORIZATION_BEARER.toLowerCase()); if (state != null) { vars.put("state", state); } if (expireTime != null) { vars.put("expires_in", getExpiresIn(expireTime)); } if (CollUtil.isNotEmpty(scopes)) { vars.put("scope", buildScopeStr(scopes)); } if (CollUtil.isNotEmpty(additionalInformation)) { for (String key : additionalInformation.keySet()) { Object value = additionalInformation.get(key); if (value != null) { keys.put("extra_" + key, key); vars.put("extra_" + key, value); } } } // Do not include the refresh token (even if there is one) return HttpUtils.append(redirectUri, vars, keys, true); } public static String buildUnsuccessfulRedirect(String redirectUri, String responseType, String state, String error, String description) { Map query = new LinkedHashMap(); query.put("error", error); query.put("error_description", description); if (state != null) { query.put("state", state); } return HttpUtils.append(redirectUri, query, null, !responseType.contains("code")); } public static long getExpiresIn(LocalDateTime expireTime) { return LocalDateTimeUtil.between(LocalDateTime.now(), expireTime, ChronoUnit.SECONDS); } public static String buildScopeStr(Collection scopes) { return CollUtil.join(scopes, " "); } public static List buildScopes(String scope) { return StrUtil.split(scope, ' '); } }