概览

本站(springdoc.cn)中的内容来源于 spring.io ，原始版权归属于 spring.io。由 springboot.io - Spring Boot中文社区进行翻译，整理。可供个人学习、研究，未经许可，不得进行任何转载、商用或与之相关的行为。商标声明：Spring 是 Pivotal Software, Inc. 在美国以及其他国家的商标。

该文档包含Spring授权服务器（Authorization Server）的参考文档和操作指南。

Spring Authorization Server 介绍

Spring授权服务器是一个框架，提供 OAuth 2.1 和 OpenID Connect 1.0 规范及其他相关规范的实现。它建立在 Spring Security 之上，为构建OpenID Connect 1.0 Identity Provider 和OAuth2 授权服务器产品提供了一个安全、轻量级和可定制的基础。

功能列表

Spring Authorization Server 支持以下功能。

类别功能相关的规范

类别	功能	相关的规范
Authorization Grant	Authorization Code User Consent Client Credentials Refresh Token	The OAuth 2.1 Authorization Framework (draft) Authorization Code Grant Client Credentials Grant Refresh Token Grant OpenID Connect Core 1.0 (spec) Authorization Code Flow
Token Formats	Self-contained (JWT) Reference (Opaque)	JSON Web Token (JWT) (RFC 7519) JSON Web Signature (JWS) (RFC 7515)
Client Authentication	`client_secret_basic` `client_secret_post` `client_secret_jwt` `private_key_jwt` `none` (public clients)	The OAuth 2.1 Authorization Framework (Client Authentication) JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication (RFC 7523) Proof Key for Code Exchange by OAuth Public Clients (PKCE) (RFC 7636)
Protocol Endpoints	OAuth2 Authorization Endpoint OAuth2 Token Endpoint OAuth2 Token Introspection Endpoint OAuth2 Token Revocation Endpoint OAuth2 Authorization Server Metadata Endpoint JWK Set Endpoint OpenID Connect 1.0 Provider Configuration Endpoint OpenID Connect 1.0 UserInfo Endpoint OpenID Connect 1.0 Client Registration Endpoint	The OAuth 2.1 Authorization Framework (draft) Authorization Endpoint Token Endpoint OAuth 2.0 Token Introspection (RFC 7662) OAuth 2.0 Token Revocation (RFC 7009) OAuth 2.0 Authorization Server Metadata (RFC 8414) JSON Web Key (JWK) (RFC 7517) OpenID Connect Discovery 1.0 (spec) Provider Configuration Endpoint OpenID Connect Core 1.0 (spec) UserInfo Endpoint OpenID Connect Dynamic Client Registration 1.0 (spec) Client Registration Endpoint Client Configuration Endpoint

Authorization Grant

Authorization Code
- User Consent
Client Credentials
Refresh Token

The OAuth 2.1 Authorization Framework (draft)
OpenID Connect Core 1.0 (spec)
- Authorization Code Flow

Token Formats

Self-contained (JWT)
Reference (Opaque)

JSON Web Token (JWT) (RFC 7519)
JSON Web Signature (JWS) (RFC 7515)

Client Authentication

client_secret_basic
client_secret_post
client_secret_jwt
private_key_jwt
none (public clients)

The OAuth 2.1 Authorization Framework (Client Authentication)
JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication (RFC 7523)
Proof Key for Code Exchange by OAuth Public Clients (PKCE) (RFC 7636)

Protocol Endpoints

The OAuth 2.1 Authorization Framework (draft)
- Authorization Endpoint
- Token Endpoint
OAuth 2.0 Token Introspection (RFC 7662)
OAuth 2.0 Token Revocation (RFC 7009)
OAuth 2.0 Authorization Server Metadata (RFC 8414)
JSON Web Key (JWK) (RFC 7517)
OpenID Connect Discovery 1.0 (spec)
- Provider Configuration Endpoint
OpenID Connect Core 1.0 (spec)
- UserInfo Endpoint
OpenID Connect Dynamic Client Registration 1.0 (spec)
- Client Registration Endpoint
- Client Configuration Endpoint