Note: This document describes the externally exposed interfaces (APIs) of oauth2-shiro. It is split into two parts, authz and resources. Every API marked public can be called without credentials; every other API requires an access_token obtained first.

[authz]

Obtain an access_token (grant_type=password) public

Obtain an access_token using grant_type=password.

  • Request URI: /oauth/token POST

    Request parameters:
    Parameter      Value               Required?  Notes
    client_id      {client_id}
    client_secret  {client_secret}
    grant_type     password                       fixed value
    scope          {scope}                        read or write
    username       {username}                     user name
    password       {password}                     user password
    Request example:

    http://localhost:8080/authz/oauth/token?client_id=OMN4XjXmJidyzhUGWVrk&client_secret=wzRBGCblLSD4Zzfb3gl3&grant_type=password&scope=read&username=test&password=test

    Response
    • OK [200]
      {"token_type":"Bearer","expires_in":43199,"refresh_token":"a135278d0382260ab9afaea05e5cbb26","access_token":"81fab07a5c91bcd06f60419fb22ecc9f"}

    • Error [400]
      {"error":"invalid_grant","error_description":"Bad credentials"}

[authz]

Obtain an access_token (grant_type=authorization_code) public

Obtain an access_token using grant_type=authorization_code; an authorization code must be obtained first.

  • Request URI: /oauth/token POST

    Request parameters:
    Parameter      Value               Required?  Notes
    client_id      {client_id}
    client_secret  {client_secret}
    grant_type     authorization_code             fixed value
    code           {code}
    redirect_uri   {redirect_uri}
    Request example:

    http://localhost:8080/authz/oauth/token?client_id=OMN4XjXmJidyzhUGWVrk&client_secret=wzRBGCblLSD4Zzfb3gl3&grant_type=authorization_code&code=26964a1255766630a&redirect_uri=http://localhost:8080/authz/

    Response
    • OK [200]
      {"token_type":"Bearer","expires_in":43199,"refresh_token":"8e91a56f53857688a3ffd8c7cfd311cf","access_token":"8bdaab126137049bd209631a23024f12"}

    • Error [400]
      {"error":"invalid_grant","error_description":"Invalid code '26964e42c667b5d42f89a1255766630a'"}

[authz]

Obtain an access_token (grant_type=client_credentials) public

Obtain an access_token using grant_type=client_credentials; no username or password is needed, and refresh_token is not supported.

  • Request URI: /oauth/token POST

    Request parameters:
    Parameter      Value               Required?  Notes
    client_id      {client_id}
    client_secret  {client_secret}
    grant_type     client_credentials             fixed value
    scope          {scope}                        read or write
    Request example:

    http://localhost:8080/authz/oauth/token?client_id=OMN4XjXmJidyzhUGWVrk&client_secret=wzRBGCblLSD4Zzfb3gl3&grant_type=client_credentials&scope=read

    Response
    • OK [200]
      {"token_type":"Bearer","expires_in":19476,"access_token":"ee7c7d1bf0cea77a883a082cb7085b64"}

    • Error [401]
      {"error":"invalid_client","error_description":"Invalid client_id 'OMN4XjXmJidyzhUGWVrdk'"}

[authz]

Refresh an access_token (grant_type=refresh_token) public

Used to exchange for a new access_token when the current one is about to expire (the grant_type originally used must have provided a refresh_token).

  • Request URI: /oauth/token POST

    Request parameters:
    Parameter      Value               Required?  Notes
    client_id      {client_id}
    client_secret  {client_secret}
    grant_type     refresh_token                  fixed value
    refresh_token  {refresh_token}
    Request example:

    http://localhost:8080/authz/oauth/token?client_id=OMN4XjXmJidyzhUGWVrk&client_secret=wzRBGCblLSD4Zzfb3gl3&grant_type=refresh_token&refresh_token=8e91a56f53857688a3ffd8c7cfd311cf

    Response
    • OK [200]
      {"token_type":"Bearer","expires_in":43199,"refresh_token":"a407f77b8269493433e0756aedabad66","access_token":"a9beb6b987b3365f9c2efc46e19b1f1a"}

    • Error [400]
      {"error":"invalid_grant","error_description":"Invalid refresh_token: 8e91a56f53857688a3ffd8c7cfd311cfss"}
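The four token requests above are the same POST to /oauth/token with a different parameter set per grant_type. The client below, an added example that is not part of oauth2-shiro, builds the parameter set for each grant, rejects parameters that do not belong to that grant, parses the success and error documents shown in this section, and decides when a token is close enough to expiry to be refreshed. It sends client_secret in the POST body rather than in the query string the examples use, so the secret does not land in access or proxy logs (this assumes the server reads form parameters, which Spring-style token endpoints do). The fake transport replays the sample responses from this document so the client runs offline; the `GRANT_PARAMS` table, `should_refresh` margin and the `urllib_transport` helper are this example's own.

```python
import json
import urllib.error
import urllib.parse
import urllib.request
from typing import Callable, Dict, Tuple

TOKEN_ENDPOINT = "/oauth/token"

# Parameters the documentation lists for each grant_type, beyond the
# client_id / client_secret / grant_type triple that every request carries.
GRANT_PARAMS: Dict[str, set] = {
    "password": {"scope", "username", "password"},
    "authorization_code": {"code", "redirect_uri"},
    "client_credentials": {"scope"},
    "refresh_token": {"refresh_token"},
}


class OAuthError(Exception):
    """Raised when /oauth/token answers with an error document."""

    def __init__(self, status: int, error: str, description: str) -> None:
        super().__init__(f"{status} {error}: {description}")
        self.status, self.error, self.description = status, error, description


def build_token_request(grant_type: str, client_id: str, client_secret: str,
                        **extra: str) -> Dict[str, str]:
    """Assemble the form parameters for one grant type, rejecting parameters that
    do not belong to it (e.g. a username on a client_credentials request)."""
    if grant_type not in GRANT_PARAMS:
        raise ValueError(f"unsupported grant_type {grant_type!r}")
    wanted = GRANT_PARAMS[grant_type]
    if set(extra) != wanted:
        raise ValueError(f"{grant_type} expects exactly {sorted(wanted)}, got {sorted(extra)}")
    return {"client_id": client_id, "client_secret": client_secret,
            "grant_type": grant_type, **extra}


Transport = Callable[[str, bytes], Tuple[int, bytes]]


def urllib_transport(url: str, body: bytes) -> Tuple[int, bytes]:
    """Real HTTP transport: POST the form body and return (status, raw body)."""
    req = urllib.request.Request(
        url, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as exc:  # 400/401 answers still carry JSON
        return exc.code, exc.read()


def request_token(base_url: str, params: Dict[str, str],
                  transport: Transport = urllib_transport) -> dict:
    """POST the parameters to {base_url}/oauth/token and return the token document,
    or raise OAuthError carrying the error/error_description pair."""
    body = urllib.parse.urlencode(params).encode()
    status, raw = transport(base_url + TOKEN_ENDPOINT, body)
    payload = json.loads(raw.decode("utf-8"))
    if status != 200 or "access_token" not in payload:
        raise OAuthError(status, payload.get("error", "unknown"),
                         payload.get("error_description", ""))
    return payload


def should_refresh(token: dict, issued_at: float, now: float, margin: float = 300) -> bool:
    """True when the token expires within `margin` seconds. A token without a
    refresh_token (client_credentials) must be re-requested instead of refreshed."""
    return now - issued_at >= token["expires_in"] - margin


# Constructed stand-in for the server: replays the sample responses shown in
# this document, keyed by grant_type, so the client can be exercised offline.
SAMPLE_RESPONSES: Dict[str, Tuple[int, bytes]] = {
    "password": (200, b'{"token_type":"Bearer","expires_in":43199,'
                      b'"refresh_token":"a135278d0382260ab9afaea05e5cbb26",'
                      b'"access_token":"81fab07a5c91bcd06f60419fb22ecc9f"}'),
    "client_credentials": (200, b'{"token_type":"Bearer","expires_in":19476,'
                                b'"access_token":"ee7c7d1bf0cea77a883a082cb7085b64"}'),
    "refresh_token": (200, b'{"token_type":"Bearer","expires_in":43199,'
                           b'"refresh_token":"a407f77b8269493433e0756aedabad66",'
                           b'"access_token":"a9beb6b987b3365f9c2efc46e19b1f1a"}'),
    "authorization_code": (400, b'{"error":"invalid_grant",'
                                b'"error_description":"Invalid code \'26964e42c667b5d42f89a1255766630a\'"}'),
}


def fake_transport(url: str, body: bytes) -> Tuple[int, bytes]:
    assert url.endswith(TOKEN_ENDPOINT), url
    params = dict(urllib.parse.parse_qsl(body.decode()))
    return SAMPLE_RESPONSES[params["grant_type"]]


if __name__ == "__main__":
    base = "http://localhost:8080/authz"
    creds = ("OMN4XjXmJidyzhUGWVrk", "wzRBGCblLSD4Zzfb3gl3")
    tok = request_token(base, build_token_request("password", *creds, scope="read",
                                                  username="test", password="test"),
                        transport=fake_transport)
    print("access_token:", tok["access_token"])
    if should_refresh(tok, issued_at=0, now=43000):  # 199 s left, inside the margin
        tok = request_token(base, build_token_request("refresh_token", *creds,
                                                      refresh_token=tok["refresh_token"]),
                            transport=fake_transport)
        print("refreshed:", tok["access_token"])
```

Against a live server, drop the `transport=fake_transport` argument and `urllib_transport` performs the real POST; the 400 and 401 error bodies shown in this section are then surfaced as `OAuthError` rather than being swallowed as exceptions from urllib.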


[resources]

Get the current system time (resource-id: mobile-resource)

Gets the current system time; the access_token's resource-id must be mobile-resource for access to be granted.

  • Request URI: /mobile/system_time GET

    Request parameters:
    Parameter      Value               Required?  Notes
    (none)
    Request example:

    http://localhost:8080/rs/mobile/system_time?access_token=95c3afd44c5d87301dc3034b20b3fc75

    Response
    • OK [200]
      {"time":1465560577614}

    • Error [401]
      {"error":"invalid_token","error_description":"Invalid access_token: 95c3afd44c5d87301dc3034b20b3fc75s"}

[resources]

Get the current user's information (resource-id: os-resource; Role: User)

Uses the access_token to fetch the user's information; the access_token's resource-id must be os-resource and the user's Role must include User for access to be granted.

  • Request URI: /rs/username GET

    Request parameters:
    Parameter      Value               Required?  Notes
    (none)
    Request example:

    http://localhost:8080/rs/rs/username?access_token=95c3afd44c5d87301dc3034b20b3fc75

    Response
    • OK [200]
      {"clientId":"WQlJ2ZZBV8iJGKnkqfdbgvfVgY3Cp17AEbMijnID","username":"xiaowang"}

    • Error [401]
      {"error":"invalid_token","error_description":"Invalid client by token: 95c3afd44c5d87301dc3034b20b3fc75"}
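Both resource endpoints gate access on the same three properties of the presented access_token: it must exist and be unexpired, it must have been issued for the endpoint's resource-id, and (for /rs/username) the user behind it must hold the User role. The following is an added example of that resource-side check, not oauth2-shiro's own code. The token store is constructed: the token values, clientId and username are the ones shown in this document, while the resource_ids, roles and expiry attached to them are assumptions. The 401 invalid_token body matches the document; the 403 access_denied responses for a resource-id or role mismatch, the 404 body, and the `ROUTES` table are this example's own. The check accepts the token from an `Authorization: Bearer` header first and only then from the `access_token` query parameter the examples use, since query strings are typically written to access logs.

```python
import time
from typing import Callable, Dict, Optional, Tuple

# Constructed token store standing in for the authz server's token records.
TOKENS: Dict[str, dict] = {
    "95c3afd44c5d87301dc3034b20b3fc75": {
        "client_id": "WQlJ2ZZBV8iJGKnkqfdbgvfVgY3Cp17AEbMijnID",
        "username": "xiaowang",
        "resource_ids": {"os-resource"},     # assumed
        "roles": {"User"},                   # assumed
        "expires_at": 1465600000,            # assumed, epoch seconds
    },
    "ee7c7d1bf0cea77a883a082cb7085b64": {
        "client_id": "OMN4XjXmJidyzhUGWVrk",
        "username": None,                    # client_credentials token: no user behind it
        "resource_ids": {"mobile-resource"}, # assumed
        "roles": set(),
        "expires_at": 1465600000,            # assumed
    },
}

Response = Tuple[int, dict]


def error(status: int, code: str, description: str) -> Response:
    return status, {"error": code, "error_description": description}


def extract_token(headers: Dict[str, str], query: Dict[str, str]) -> Optional[str]:
    """Prefer the Authorization: Bearer header; fall back to the access_token
    query parameter used in the request examples."""
    auth = headers.get("Authorization", "")
    if auth.startswith("Bearer "):
        return auth[len("Bearer "):].strip() or None
    return query.get("access_token")


def authorize(token: Optional[str], resource_id: str, role: Optional[str],
              now: float) -> Response:
    """Reject unknown or expired tokens (401), tokens issued for another
    resource-id (403), and tokens whose user lacks the required role (403)."""
    record = TOKENS.get(token) if token else None
    if record is None:
        return error(401, "invalid_token", f"Invalid access_token: {token}")
    if record["expires_at"] <= now:
        return error(401, "invalid_token", f"Access token expired: {token}")
    if resource_id not in record["resource_ids"]:
        return error(403, "access_denied",
                     f"Token not issued for resource-id '{resource_id}'")
    if role is not None and role not in record["roles"]:
        return error(403, "access_denied", f"Role '{role}' required")
    return 200, record


# Route table: path -> (required resource-id, required role or None, view).
ROUTES: Dict[str, Tuple[str, Optional[str], Callable[[dict, float], dict]]] = {
    "/mobile/system_time": ("mobile-resource", None,
                            lambda rec, now: {"time": int(now * 1000)}),
    "/rs/username": ("os-resource", "User",
                     lambda rec, now: {"clientId": rec["client_id"],
                                       "username": rec["username"]}),
}


def handle(path: str, headers: Dict[str, str], query: Dict[str, str],
           now: Optional[float] = None) -> Response:
    """Dispatch one GET: resolve the route, authorize the token, build the body.
    `now` is injectable so the expiry check is deterministic in tests."""
    now = time.time() if now is None else now
    if path not in ROUTES:
        return error(404, "not_found", f"No resource at {path}")
    resource_id, role, view = ROUTES[path]
    status, result = authorize(extract_token(headers, query), resource_id, role, now)
    if status != 200:
        return status, result
    return 200, view(result, now)


if __name__ == "__main__":
    now = 1465560577  # the document's sample time, in seconds
    good = {"Authorization": "Bearer 95c3afd44c5d87301dc3034b20b3fc75"}
    print(handle("/rs/username", good, {}, now))
    print(handle("/rs/username", {}, {"access_token": "95c3afd44c5d87301dc3034b20b3fc75s"}, now))
    print(handle("/mobile/system_time", {}, {"access_token": "ee7c7d1bf0cea77a883a082cb7085b64"}, now))
```

The resource-id check is what keeps a token minted for mobile-resource from being replayed against /rs/username and vice versa; the role check is the second, user-level gate that only /rs/username applies.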