我有以下信息： 授予类型：客户凭证 访问令牌URL：https://host/adfs/oauth2/token 客户编号：clientId 客户机密：clientSecret

我的目标是制造一个资源服务器，该资源服务器将在头中接收jwt或访问令牌。令牌通过验证后，我将返回要求的资源。

问题：我不确定如何使用spring react来验证令牌。

注意：服务器已启用开放ID。

我尝试过： https://docs.spring.io/spring-security/site/docs/5.1.0.BUILD-SNAPSHOT/reference/html/webclient.html

和 https://www.youtube.com/watch?v=1N-xwmoN83w&t=1338s

如果您点击

https://host/adfs/.well-known/openid-configuration

{ 
   "issuer":"https:\/\/host\/adfs","authorization_endpoint":"https:\/\/host\/adfs\/oauth2\/authorize\/","token_endpoint":"https:\/\/host\/adfs\/oauth2\/token\/","jwks_uri":"https:\/\/host\/adfs\/discovery\/keys","token_endpoint_auth_methods_supported":[ 
      "client_secret_post","client_secret_basic","private_key_jwt","windows_client_authentication"
   ],"response_types_supported":[ 
      "code","id_token","code id_token","id_token token","code token","code id_token token"
   ],"response_modes_supported":[ 
      "query","fragment","form_post"
   ],"grant_types_supported":[ 
      "authorization_code","refresh_token","client_credentials","urn:ietf:params:oauth:grant-type:jwt-bearer","implicit","password","srv_challenge","urn:ietf:params:oauth:grant-type:device_code","device_code"
   ],"subject_types_supported":[ 
      "pairwise"
   ],"scopes_supported":[ 
      "email","profile","winhello_cert","logon_cert","user_impersonation","aza","vpn_cert","openid","allatclaims"
   ],"id_token_signing_alg_values_supported":[ 
      "RS256"
   ],"token_endpoint_auth_signing_alg_values_supported":[ 
      "RS256"
   ],"access_token_issuer":"http:\/\/host\/adfs\/services\/trust","claims_supported":[ 
      "aud","iss","iat","exp","auth_time","nonce","at_hash","c_hash","sub","upn","unique_name","pwd_url","pwd_exp","mfa_auth_time","sid"
   ],"microsoft_multi_refresh_token":true,"userinfo_endpoint":"https:\/\/host\/adfs\/userinfo","capabilities":[ 

   ],"end_session_endpoint":"https:\/\/host\/adfs\/oauth2\/logout","as_access_token_token_binding_supported":true,"as_refresh_token_token_binding_supported":true,"resource_access_token_token_binding_supported":true,"op_id_token_token_binding_supported":true,"rp_id_token_token_binding_supported":true,"frontchannel_logout_supported":true,"frontchannel_logout_session_supported":true,"device_authorization_endpoint":"https:\/\/host\/adfs\/oauth2\/devicecode"
}

我有一个简单的控制器：

@RestController
public class Controller {
    @GetMapping("/hello")
    public String sayHello(){
        return "hello";
    }
}

及以下课程：

@ConditionalOnClass({ EnableWebFluxSecurity.class,WebFilterChainProxy.class })
@ConditionalOnmissingBean(WebFilterChainProxy.class)
@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.REactIVE)
@EnableWebFluxSecurity
public class WebSecurityConfig {


    @Bean
    SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {        http.authorizeExchange().anyExchange().authenticated().and().oauth2ResourceServer().jwt();
        return http.build();
    }

}

在应用程序属性中，我具有： spring.security.oauth2.resourceserver.jwt.issuer-uri：valid-uri

这是日志： 2019-11-05 16：00：55.638调试51492 --- [ctor-http-nio-3] o.s.w.s.adapter.HttpWebHandlerAdapter：[7598cb39] HTTP GET“ / hello” 2019-11-05 16：00：55.746调试51492 --- [ctor-http-nio-3] o.s.w.r.f.client.ExchangeFunctions：[628b27eb] HTTP GET https://host/adfs/discovery/keys 2019-11-05 16：00：55.823调试51492 --- [ctor-http-nio-4] o.s.w.r.f.client.ExchangeFunctions：[628b27eb]响应200 OK 2019-11-05 16：00：55.840调试51492 --- [ctor-http-nio-4] oscore.codec.StringDecoder：[628b27eb]解码为“ {” keys“：[{” kty“：” algo“ ，“ use”：“ sig”，“ alg”：“ HS234”，“ kid”：“ feafafa”，“ x5t”：“ fKeeYG0K（截短）... 2019-11-05 16：00：55.858调试51492 --- [ctor-http-nio-4] o.s.w.s.adapter.HttpWebHandlerAdapter：[7598cb39]已完成401未经授权