function<\/span> (<\/span>user<\/span>,<\/span> context<\/span>,<\/span> callback<\/span>)<\/span> {<\/span>\r\n var<\/span> map<\/span> =<\/span> require<\/span>(<\/span>'<\/span>array-map<\/span>'<\/span>);<\/span>\r\n var<\/span> ManagementClient<\/span> =<\/span> require<\/span>(<\/span>'<\/span>auth0@2.17.0<\/span>'<\/span>).<\/span>ManagementClient<\/span>;<\/span>\r\n var<\/span> management<\/span> =<\/span> new<\/span> ManagementClient<\/span>({<\/span>\r\n token<\/span>:<\/span> auth0<\/span>.<\/span>accessToken<\/span>,<\/span>\r\n domain<\/span>:<\/span> auth0<\/span>.<\/span>domain<\/span>\r\n });<\/span>\r\n\r\n var<\/span> params<\/span> =<\/span> {<\/span> id<\/span>:<\/span> user<\/span>.<\/span>user_id<\/span>,<\/span> page<\/span>:<\/span> 0<\/span>,<\/span> per_page<\/span>:<\/span> 50<\/span>,<\/span> include_totals<\/span>:<\/span> true<\/span> };<\/span>\r\n management<\/span>.<\/span>getUserPermissions<\/span>(<\/span>params<\/span>,<\/span> function<\/span> (<\/span>err<\/span>,<\/span> permissions<\/span>)<\/span> {<\/span>\r\n if<\/span> (<\/span>err<\/span>)<\/span> {<\/span>\r\n \/\/ Handle error.<\/span>\r\n console<\/span>.<\/span>log<\/span>(<\/span>'<\/span>err: <\/span>'<\/span>,<\/span> err<\/span>);<\/span>\r\n callback<\/span>(<\/span>err<\/span>);<\/span>\r\n }<\/span> else<\/span> {<\/span>\r\n var<\/span> permissionsArr<\/span> =<\/span> map<\/span>(<\/span>permissions<\/span>.<\/span>permissions<\/span>,<\/span> function<\/span> (<\/span>permission<\/span>)<\/span> {<\/span>\r\n return<\/span> permission<\/span>.<\/span>permission_name<\/span>;<\/span>\r\n });<\/span>\r\n context<\/span>.<\/span>idToken<\/span>[<\/span>'<\/span>http:\/\/example.com\/permissions<\/span>'<\/span>]<\/span> =<\/span> permissionsArr<\/span>;<\/span>\r\n }<\/span>\r\n callback<\/span>(<\/span>null<\/span>,<\/span> user<\/span>,<\/span> context<\/span>);<\/span>\r\n });<\/span>\r\n}<\/span>\r\n\r\n<\/code><\/pre>\n\u6839\u636eID Token\u7684\u6743\u9650\u4fe1\u606f\uff0c\u5728Spring Security\u4e2d\u8fdb\u884c\u8bbf\u95ee\u63a7\u5236\u3002<\/h2>\n
\u4e0b\u9762\u662f\u4e00\u4e2a\u4eceID\u4ee4\u724c\u4e2d\u83b7\u53d6\u9644\u52a0\u7684\u6388\u6743\u4fe1\u606f\uff0c\u5e76\u5c06\u5176\u7528\u4e8e\u8bbf\u95ee\u63a7\u5236\u7684Spring Boot\u5e94\u7528\u7a0b\u5e8f\u5b89\u5168\u914d\u7f6e\u793a\u4f8b\u3002<\/p>\n
\u521b\u5efa\u4e00\u4e2aSpring Boot\u5e94\u7528\u7a0b\u5e8f<\/h3>\n
\u4f7f\u7528Spring Initializer\u9009\u62e9\u4ee5\u4e0b\u4f9d\u8d56\u5173\u7cfb\u5e76\u521b\u5efa\u9879\u76ee\u3002<\/p>\n
![\"image.png\"](\"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d40f237434c4406c94274\/15-0.png\" "\\"\\"")
<\/div>\n<dependencies>\r\n <dependency>\r\n <groupId>org.springframework.boot<\/groupId>\r\n <artifactId>spring-boot-starter-web<\/artifactId>\r\n <\/dependency>\r\n <dependency>\r\n <groupId>org.springframework.boot<\/groupId>\r\n <artifactId>spring-boot-starter-oauth2-resource-server<\/artifactId>\r\n <\/dependency>\r\n<\/dependencies>\r\n<\/code><\/pre>\nJWT \u8ba4\u8bc1\u670d\u52a1\u5668\u914d\u7f6e<\/h3>\n
\u53ea\u9700\u8981\u4e00\u79cd\u9009\u62e9\uff1a
\n\u53ef\u4ee5\u4f7f\u7528\u4ec5\u5c5e\u6027\u8bbe\u7f6e\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u914d\u7f6e\u3002
\n\u8bbe\u7f6e\u4ee5\u4e0b\u7531Spring Security\u5b9a\u4e49\u7684\u5c5e\u6027\u3002<\/p>\n
\n\u5c5e\u6027\u8a2d\u5b9a\u5024spring.security.oauth2.resourceserver.jwt.issuer-urihttps:\/\/<\/code> \u30d7\u30ec\u30d5\u30a3\u30c3\u30af\u30b9\u3068 \/<\/code> \u30b5\u30d5\u30a3\u30c3\u30af\u30b9\u304c\u4ed8\u3044\u305f Auth0 \u30c9\u30e1\u30a4\u30f3\u3002\u672b\u5c3e \/<\/code> \u3092\u7701\u7565\u3059\u308b\u3068\u52d5\u304b\u306a\u3044\u3002auth0.audienceAuth0 Application \u306e Client ID\u3002<\/div>\n<\/div>\nspring.security.oauth2.resourceserver.jwt.issuer-uri<\/span>=<\/span>https:\/\/YOUR_DOMAIN\/<\/span>\r\nauth0.audience<\/span>=<\/span>YOUR_APP_CLIENT_ID<\/span>\r\n<\/code><\/pre>\n\u81ea\u5b9a\u4e49\u7d22\u8d54\u7684\u83b7\u53d6\u8bbe\u7f6e<\/h3>\n
\u83b7\u53d6\u9644\u52a0\u5728 ID Token \u81ea\u5b9a\u4e49\u58f0\u660e\u4e2d\u7684\u6743\u9650\u4fe1\u606f\uff0c\u5e76\u5c06\u5176\u8bbe\u7f6e\u4e3a\u5b89\u5168\u4e3b\u4f53\uff08Security Principal\uff09\u3002<\/p>\n
#Auth0 \u306e Rules \u3067\u5b9a\u7fa9\u3057\u305f\u30ab\u30b9\u30bf\u30e0\u30af\u30ec\u30fc\u30e0\u540d\r\n<\/span>permissions.claim<\/span>=<\/span>http:\/\/example.com\/permissions<\/span>\r\n<\/code><\/pre>\npublic<\/span> class<\/span> SecurityConfig<\/span> extends<\/span> WebSecurityConfigurerAdapter<\/span> {<\/span>\r\n\r\n @Value<\/span>(<\/span>value<\/span> =<\/span> \"${permissions.claim}\"<\/span>)<\/span>\r\n private<\/span> String<\/span> permissionsClaim<\/span>;<\/span>\r\n\r\n @Override<\/span>\r\n public<\/span> void<\/span> configure<\/span>(<\/span>HttpSecurity<\/span> http<\/span>)<\/span> throws<\/span> Exception<\/span> {<\/span>\r\n\r\n http<\/span>.<\/span>authorizeRequests<\/span>()<\/span>\r\n .<\/span>mvcMatchers<\/span>(<\/span>\"\/api\/public\"<\/span>).<\/span>permitAll<\/span>()<\/span>\r\n .<\/span>mvcMatchers<\/span>(<\/span>\"\/api\/private\"<\/span>).<\/span>authenticated<\/span>()<\/span>\r\n .<\/span>mvcMatchers<\/span>(<\/span>\"\/api\/private-scoped\"<\/span>).<\/span>hasAuthority<\/span>(<\/span>\"read:messages\"<\/span>)<\/span>\r\n .<\/span>and<\/span>().<\/span>oauth2ResourceServer<\/span>().<\/span>jwt<\/span>()<\/span>\r\n .<\/span>jwtAuthenticationConverter<\/span>(<\/span>jwt<\/span> -><\/span> new<\/span> JwtAuthenticationToken<\/span>(<\/span>jwt<\/span>,<\/span>\r\n jwt<\/span>.<\/span>getClaimAsStringList<\/span>(<\/span>permissionsClaim<\/span>)<\/span>\r\n .<\/span>stream<\/span>()<\/span>\r\n .<\/span>