OAuth2.0 协议授权码模式与应用系统对接
时序图
上图为 OAuth2.0 授权码模式认证时序图,描述了一个应用的授权认证及访问过程。
上图分两个阶段,阶段一为单点认证阶段:
- 访问应用系统,应用系统检测未登录。
- 请求获取授权码端口 /sso/oauth2.0/authorize。
- 系统检测到用户未登录,重定向至登录页面。
- 用户输入用户名密码登录。
- 认证服务认证通过后携带授权码
code重定向。 - 浏览器跳转至应用。
- 应用系统前端调用应用系统后端访问令牌接口。
- 后端资源服务服务器再去调用统一认证 /sso/oauth2.0/accessToken 接口获取访问令牌
access_token。因为client_secret存储在后端服务器中更为安全。 - 认证服务返回访问令牌
access_token给应用系统后端。 - 应用系统前端拿到应用系统后端返回的访问令牌
access_token后将其缓存在本地。 - 应用通过获取用户信息接口 /sso/oauth2.0/profile 获取用户信息。
- 认证服务返回用户信息。
阶段二为访问后端接口:
1) 用户操作浏览器访问应用前端,前端需要调用后端接口。
2) 应用系统前端可先检查访问令牌 access_token 是否过期,过期的令牌可通过调用刷新访问令牌的接口,应用系统前端调用应用系统后端的刷新令牌接口。如果检查访问令牌没有过期可以直接到第六步执行访问接口。
3) 应用系统后端再调用统一认证的刷新访问令牌接口/sso/oauth2.0/accessToken 刷新令牌。
4) 认证服务返回访问令牌 access_token 到应用系统后端。
5) 应用系统前端拿到应用系统后端返回的访问令牌 access_token 后将其缓存在本地。
6) 请求应用系统后端接口,并在请求头中带上访问令牌 access_token。
7) 应用系统后端接收到请求后调用统一认证的访问令牌校验接口 /sso/oauth2.0/introspect 进行令牌校验。
8) 校验通过应用系统后端会收到令牌状态、用户信息等返回,之后可继续进行业务的处理。
9) 应用系统前端收到后端返回的业务数据。
浏览器渲染数据显示。
准备工作
在数字底座注册应用,注册时需指定应用访问URL,注册后可获取应用的 client_id 和 client_secret 供后面使用
以下是上述过程中会用到的接口:
获取授权码
请求地址:http://IP:PORT/sso/oauth2.0/authorize
请求方法:GET
描述:授权用户启动身份验证流程,浏览器访问该端口
请求参数:
| 参数名 | 描述 |
|---|---|
| response_type | 返回类型为固定值code。 |
| client_id | 申请的客户端id。 |
| redirect_uri | 重定向url,认证通过后会重定向回来并以授权码 code 作为请求参数。 |
请求示例:
http
GET http://IP:PORT/sso/oauth2.0/authorize?response_type=code&client_id=clientid&redirect_uri=http://localhost:7070/demo/org响应示例:
http
HTTP/1.1 302 Found
Location: http://localhost:7070/demo/org?code=OC-1-RwsfG6bJFuiUaBt0vMTS02rlJgHeeUHf获取访问令牌
接口地址:http://IP:PORT/sso/oauth2.0/accessToken
请求方法:GET|POST
描述:通过授权码 code 获取访问令牌
请求参数:
| 参数名 | 描述 |
|---|---|
| grant_type | 授权类型为固定值authorization_code。 |
| client_id | 申请的客户端id。 |
| client_secret | 申请的客户端密钥。 |
| code | 请求授权返回的授权码code,一个授权码使用一次后便会失效。 |
| redirect_uri | 重定向url。 |
响应字段:
| 字段 | 描述 |
|---|---|
| access_token | 访问令牌。 |
| refresh_token | 刷新令牌。 |
| token_type | 令牌类型。 |
| expires_in | 过期时间(秒)。 |
| scope | 权限范围。 |
请求示例:
http
GET http://IP:PORT/sso/oauth2.0/accessToken?grant_type=authorization_code&client_id=clientid&client_secret=secret&code=OC-1-RwsfG6bJFuiUaBt0vMTS02rlJgHeeUHf&redirect_uri=http://localhost:7070/demo/org响应示例:
json
{
"access_token": "AT-1-mGX3XxDMrG2tyw-YYovSdlqsbCETdXd-",
"refresh_token": "RT-1-B7269kSYS8qnjnnqUe-CKyaocJeHerso",
"token_type": "Bearer",
"expires_in": 28800,
"scope": ""
}获取用户信息
接口地址:http://IP:PORT/sso/oauth2.0/profile
请求方法:GET|POST
描述:获取认证过的用户信息
请求参数:
| 参数名 | 描述 |
|---|---|
| access_token | 访问令牌 |
响应字段:
| 字段 | 描述 |
|---|---|
| avator | 头像url |
| CAID | CAID |
| dn | 由name组成的父子关系列表(倒序),之间用逗号分隔 |
| 邮箱 | |
| guidPath | 由ID组成的父子关系列表(正序),之间用逗号分隔 |
| IDNum | 身份证号 |
| isValidateIE | 是否为合法的IE版本(针对使用IE的情况) |
| loginName | 登录名 |
| loginType | 登录类型 |
| mobile | 电话号码 |
| name | 姓名 |
| oauthClientId | oauth 客户端 id |
| original | 是否为原始账号(针对多岗) |
| originalID | 原始账号 id |
| parentID | 人员父节点id |
| password | 密码 |
| personID | 人员 id |
| personType | 人员类型 |
| roles | 角色 |
| sex | 性别 |
| tenantID | 租户 id |
| tenantLoginName | 租户登录名 |
| tenantManager | 是否为租户管理员 |
| tenantName | 租户名 |
| service | 授权认证的服务 url |
| id | 登录名 |
| client_id | oauth 客户端 id |
请求示例:
http
GET http://IP:PORT/sso/oauth2.0/profile?access_token=AT-1-mGX3XxDMrG2tyw-YYovSdlqsbCETdXd-响应示例:
json
{
"avator": "",
"caid": "",
"dn": "cn=系统管理员,o=虚拟组织",
"email": "",
"globalManager": true,
"guidPath": "1598723782640406528,1598723782690738176",
"idNum": "",
"loginName": "systemManager",
"loginType": "loginName",
"managerLevel": 1,
"mobile": "13111112222",
"name": "系统管理员",
"oauthClientId": "clientid",
"org.apereo.cas.authentication.Authentication": {
"authenticationDate": "2024-03-25T03:31:48.413487Z",
"principal": {
"@class": "org.apereo.cas.authentication.principal.SimplePrincipal",
"id": "systemManager",
"attributes": {
"avator": "",
"caid": "",
"dn": "cn=系统管理员,o=虚拟组织",
"email": "",
"globalManager": true,
"guidPath": "1598723782640406528,1598723782690738176",
"idNum": "",
"loginName": "systemManager",
"loginType": "loginName",
"managerLevel": 1,
"mobile": "13111112222",
"name": "系统管理员",
"original": true,
"originalId": "",
"parentId": "1598723782640406528",
"password": "$2a$10$gCFWPLF35jyJ4P.5kN1siO.lC0lW/Dg/RMAFvjgq4uLJLYx.CxYHm",
"personId": "1598723782690738176",
"personType": "deptPerson",
"positionId": "",
"positions": "",
"roles": "",
"sex": 1,
"tenantId": "11111111-1111-1111-1111-111111111113",
"tenantName": "default",
"tenantShortName": "default"
}
},
"credentials": [
{
"@class": "org.apereo.cas.authentication.metadata.BasicCredentialMetaData",
"id": "//5zAHkAcwB0AGUAbQBNAGEAbgBhAGcAZQByAA==",
"credentialClass": "org.apereo.cas.authentication.credential.RememberMeUsernamePasswordCredential"
},
{
"@class": "org.apereo.cas.authentication.metadata.BasicCredentialMetaData",
"id": "systemManager",
"credentialClass": "org.apereo.cas.authentication.credential.RememberMeUsernamePasswordCredential",
"properties": {
"UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0",
"GeoLocation": {}
}
}
],
"attributes": {
"credentialType": "RememberMeUsernamePasswordCredential",
"clientIpAddress": "0:0:0:0:0:0:0:1",
"authenticationDate": 1711337508,
"authenticationMethod": "y9AuthenticationHandler",
"successfulAuthenticationHandlers": "y9AuthenticationHandler",
"serverIpAddress": "127.0.0.1",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0"
},
"successes": {
"y9AuthenticationHandler": {
"@class": "org.apereo.cas.authentication.DefaultAuthenticationHandlerExecutionResult",
"handlerName": "y9AuthenticationHandler",
"credentialMetaData": {
"@class": "org.apereo.cas.authentication.metadata.BasicCredentialMetaData",
"id": "systemManager",
"credentialClass": "org.apereo.cas.authentication.credential.RememberMeUsernamePasswordCredential"
},
"principal": {
"@class": "org.apereo.cas.authentication.principal.SimplePrincipal",
"id": "systemManager"
}
}
}
},
"org.apereo.cas.services.RegisteredService": {
"serviceId": "^(https?)://.*",
"name": "oauthServiceDemo",
"theme": "y9-apereo",
"id": 1,
"description": "oauth Authentication app demo",
"evaluationOrder": 1002,
"attributeReleasePolicy": {
"@class": "org.apereo.cas.services.ReturnAllAttributeReleasePolicy",
"authorizedToReleaseCredentialPassword": true,
"authorizedToReleaseProxyGrantingTicket": true
},
"logoutUrl": "http://localhost:7055/oauth/public/oauth/callback",
"clientSecret": "secret",
"clientId": "clientid",
"bypassApprovalPrompt": true,
"generateRefreshToken": true,
"renewRefreshToken": true,
"supportedGrantTypes": [
"refresh_token",
"password",
"client_credentials",
"authorization_code"
],
"supportedResponseTypes": [
"code",
"token"
]
},
"org.apereo.cas.ticket.TicketGrantingTicket": "TGT-1-LZcFE8ouDeZdi-qX0uf1gcXGDCQfWes4dC0AqXqR7AUND-vRHUfhLTqxe5gLpRYJr8U-Tobins-Mac-Studio",
"org.apereo.cas.validation.Assertion": {
"primaryAuthentication": {
"@class": "org.apereo.cas.authentication.DefaultAuthentication",
"authenticationDate": "2024-03-25T03:31:48.413487Z",
"principal": {
"@class": "org.apereo.cas.authentication.principal.SimplePrincipal",
"id": "systemManager",
"attributes": {
"avator": "",
"caid": "",
"dn": "cn=系统管理员,o=虚拟组织",
"email": "",
"globalManager": true,
"guidPath": "1598723782640406528,1598723782690738176",
"idNum": "",
"loginName": "systemManager",
"loginType": "loginName",
"managerLevel": 1,
"mobile": "13111112222",
"name": "系统管理员",
"original": true,
"originalId": "",
"parentId": "1598723782640406528",
"password": "$2a$10$gCFWPLF35jyJ4P.5kN1siO.lC0lW/Dg/RMAFvjgq4uLJLYx.CxYHm",
"personId": "1598723782690738176",
"personType": "deptPerson",
"positionId": "",
"positions": "",
"roles": "",
"sex": 1,
"tenantId": "11111111-1111-1111-1111-111111111113",
"tenantName": "default",
"tenantShortName": "default"
}
},
"credentials": [
{
"@class": "org.apereo.cas.authentication.metadata.BasicCredentialMetaData",
"id": "//5zAHkAcwB0AGUAbQBNAGEAbgBhAGcAZQByAA==",
"credentialClass": "org.apereo.cas.authentication.credential.RememberMeUsernamePasswordCredential"
},
{
"@class": "org.apereo.cas.authentication.metadata.BasicCredentialMetaData",
"id": "systemManager",
"credentialClass": "org.apereo.cas.authentication.credential.RememberMeUsernamePasswordCredential",
"properties": {
"UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0",
"GeoLocation": {}
}
}
],
"attributes": {
"credentialType": "RememberMeUsernamePasswordCredential",
"clientIpAddress": "0:0:0:0:0:0:0:1",
"authenticationDate": 1711337508,
"authenticationMethod": "y9AuthenticationHandler",
"successfulAuthenticationHandlers": "y9AuthenticationHandler",
"serverIpAddress": "127.0.0.1",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0",
"isFromNewLogin": true,
"longTermAuthenticationRequestTokenUsed": false
},
"successes": {
"y9AuthenticationHandler": {
"@class": "org.apereo.cas.authentication.DefaultAuthenticationHandlerExecutionResult",
"handlerName": "y9AuthenticationHandler",
"credentialMetaData": {
"@class": "org.apereo.cas.authentication.metadata.BasicCredentialMetaData",
"id": "systemManager",
"credentialClass": "org.apereo.cas.authentication.credential.RememberMeUsernamePasswordCredential"
},
"principal": {
"@class": "org.apereo.cas.authentication.principal.SimplePrincipal",
"id": "systemManager"
}
}
}
},
"originalAuthentication": {
"@class": "org.apereo.cas.authentication.DefaultAuthentication",
"authenticationDate": "2024-03-25T03:31:48.413487Z",
"principal": {
"@class": "org.apereo.cas.authentication.principal.SimplePrincipal",
"id": "systemManager",
"attributes": {
"avator": "",
"caid": "",
"dn": "cn=系统管理员,o=虚拟组织",
"email": "",
"globalManager": true,
"guidPath": "1598723782640406528,1598723782690738176",
"idNum": "",
"loginName": "systemManager",
"loginType": "loginName",
"managerLevel": 1,
"mobile": "13111112222",
"name": "系统管理员",
"original": true,
"originalId": "",
"parentId": "1598723782640406528",
"password": "$2a$10$gCFWPLF35jyJ4P.5kN1siO.lC0lW/Dg/RMAFvjgq4uLJLYx.CxYHm",
"personId": "1598723782690738176",
"personType": "deptPerson",
"positionId": "",
"positions": "",
"roles": "",
"sex": 1,
"tenantId": "11111111-1111-1111-1111-111111111113",
"tenantName": "default",
"tenantShortName": "default"
}
},
"credentials": [
{
"@class": "org.apereo.cas.authentication.metadata.BasicCredentialMetaData",
"id": "//5zAHkAcwB0AGUAbQBNAGEAbgBhAGcAZQByAA==",
"credentialClass": "org.apereo.cas.authentication.credential.RememberMeUsernamePasswordCredential"
},
{
"@class": "org.apereo.cas.authentication.metadata.BasicCredentialMetaData",
"id": "systemManager",
"credentialClass": "org.apereo.cas.authentication.credential.RememberMeUsernamePasswordCredential",
"properties": {
"UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0",
"GeoLocation": {}
}
}
],
"attributes": {
"credentialType": "RememberMeUsernamePasswordCredential",
"clientIpAddress": "0:0:0:0:0:0:0:1",
"authenticationDate": 1711337508,
"authenticationMethod": "y9AuthenticationHandler",
"successfulAuthenticationHandlers": "y9AuthenticationHandler",
"serverIpAddress": "127.0.0.1",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0"
},
"successes": {
"y9AuthenticationHandler": {
"@class": "org.apereo.cas.authentication.DefaultAuthenticationHandlerExecutionResult",
"handlerName": "y9AuthenticationHandler",
"credentialMetaData": {
"@class": "org.apereo.cas.authentication.metadata.BasicCredentialMetaData",
"id": "systemManager",
"credentialClass": "org.apereo.cas.authentication.credential.RememberMeUsernamePasswordCredential"
},
"principal": {
"@class": "org.apereo.cas.authentication.principal.SimplePrincipal",
"id": "systemManager"
}
}
}
},
"chainedAuthentications": {
"@class": "org.apereo.cas.authentication.DefaultAuthentication",
"authenticationDate": "2024-03-25T03:31:48.413487Z",
"principal": {
"@class": "org.apereo.cas.authentication.principal.SimplePrincipal",
"id": "systemManager",
"attributes": {
"avator": "",
"caid": "",
"dn": "cn=系统管理员,o=虚拟组织",
"email": "",
"globalManager": true,
"guidPath": "1598723782640406528,1598723782690738176",
"idNum": "",
"loginName": "systemManager",
"loginType": "loginName",
"managerLevel": 1,
"mobile": "13111112222",
"name": "系统管理员",
"original": true,
"originalId": "",
"parentId": "1598723782640406528",
"password": "$2a$10$gCFWPLF35jyJ4P.5kN1siO.lC0lW/Dg/RMAFvjgq4uLJLYx.CxYHm",
"personId": "1598723782690738176",
"personType": "deptPerson",
"positionId": "",
"positions": "",
"roles": "",
"sex": 1,
"tenantId": "11111111-1111-1111-1111-111111111113",
"tenantName": "default",
"tenantShortName": "default"
}
},
"credentials": [
{
"@class": "org.apereo.cas.authentication.metadata.BasicCredentialMetaData",
"id": "//5zAHkAcwB0AGUAbQBNAGEAbgBhAGcAZQByAA==",
"credentialClass": "org.apereo.cas.authentication.credential.RememberMeUsernamePasswordCredential"
},
{
"@class": "org.apereo.cas.authentication.metadata.BasicCredentialMetaData",
"id": "systemManager",
"credentialClass": "org.apereo.cas.authentication.credential.RememberMeUsernamePasswordCredential",
"properties": {
"UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0",
"GeoLocation": {}
}
}
],
"attributes": {
"credentialType": "RememberMeUsernamePasswordCredential",
"clientIpAddress": "0:0:0:0:0:0:0:1",
"authenticationDate": 1711337508,
"authenticationMethod": "y9AuthenticationHandler",
"successfulAuthenticationHandlers": "y9AuthenticationHandler",
"serverIpAddress": "127.0.0.1",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0"
},
"successes": {
"y9AuthenticationHandler": {
"@class": "org.apereo.cas.authentication.DefaultAuthenticationHandlerExecutionResult",
"handlerName": "y9AuthenticationHandler",
"credentialMetaData": {
"@class": "org.apereo.cas.authentication.metadata.BasicCredentialMetaData",
"id": "systemManager",
"credentialClass": "org.apereo.cas.authentication.credential.RememberMeUsernamePasswordCredential"
},
"principal": {
"@class": "org.apereo.cas.authentication.principal.SimplePrincipal",
"id": "systemManager"
}
}
}
},
"fromNewLogin": true,
"service": {
"@class": "org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl",
"id": "http://localhost:7070/demo/org",
"originalUrl": "http://localhost:7070/demo/org",
"principal": "systemManager",
"source": "service",
"format": "XML",
"attributes": {
"service": "http://localhost:7055/sso/oauth2.0/callbackAuthorize?client_id=clientid&redirect_uri=http%3A%2F%2Flocalhost%3A7070%2Fdemo%2Forg&response_type=code&client_name=CasOAuthClient",
"response_type": "code",
"redirect_uri": "http://localhost:7070/demo/org",
"client_name": "CasOAuthClient",
"client_id": "clientid"
}
},
"registeredService": {
"@class": "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
"serviceId": "^(https?)://.*",
"name": "oauthServiceDemo",
"theme": "y9-apereo",
"id": 1,
"description": "oauth Authentication app demo",
"evaluationOrder": 1002,
"attributeReleasePolicy": {
"@class": "org.apereo.cas.services.ReturnAllAttributeReleasePolicy",
"authorizedToReleaseCredentialPassword": true,
"authorizedToReleaseProxyGrantingTicket": true
},
"logoutUrl": "http://localhost:7055/oauth/public/oauth/callback",
"clientSecret": "secret",
"clientId": "clientid",
"bypassApprovalPrompt": true,
"generateRefreshToken": true,
"renewRefreshToken": true,
"supportedGrantTypes": [
"refresh_token",
"password",
"client_credentials",
"authorization_code"
],
"supportedResponseTypes": [
"code",
"token"
]
},
"context": {
"org.apereo.cas.ticket.TicketGrantingTicket": "TGT-1-LZcFE8ouDeZdi-qX0uf1gcXGDCQfWes4dC0AqXqR7AUND-vRHUfhLTqxe5gLpRYJr8U-Tobins-Mac-Studio"
}
},
"original": true,
"originalId": "",
"parentId": "1598723782640406528",
"password": "$2a$10$gCFWPLF35jyJ4P.5kN1siO.lC0lW/Dg/RMAFvjgq4uLJLYx.CxYHm",
"personId": "1598723782690738176",
"personType": "deptPerson",
"positionId": "",
"positions": "",
"roles": "",
"sex": 1,
"tenantId": "11111111-1111-1111-1111-111111111113",
"tenantName": "default",
"tenantShortName": "default",
"service": "http://localhost:7070/demo/org",
"id": "systemManager",
"client_id": "clientid"
}刷新访问令牌
接口地址:http://IP:PORT/sso/oauth2.0/accessToken
请求方法:GET|POST
描述:当访问令牌过期了可通过 refresh_token 去获取新的访问令牌
请求参数:
| 参数名 | 描述 |
|---|---|
| grant_type | 授权类型为固定值 refresh_token |
| client_id | 申请的客户端 id |
| client_secret | 申请的客户端密钥 |
| refresh_token | 刷新令牌 |
请求示例:
http
GET http://IP:PORT/sso/oauth2.0/accessToken?grant_type=refresh_token&client_id=clientid&client_secret=secret&refresh_token=RT-1-B7269kSYS8qnjnnqUe-CKyaocJeHerso响应示例:
json
{
"access_token": "AT-2-43dmL9VPWjK0v-ghzdX7hm4VKZgKRpCJ",
"refresh_token": "RT-2-XZhZr4i74OcawtxLJ9p-aMQ-UkFIj7Wg",
"token_type": "Bearer",
"expires_in": 28800,
"scope": ""
}访问令牌校验
接口地址:http://IP:PORT/sso/oauth2.0/introspect
请求方法:GET|POST
描述:查询访问令牌 access_token 的状态,其中应用的凭证 client_id 和 client_secret 需以 Basic Auth 的形式提供
请求参数:
| 参数名 | 描述 |
|---|---|
| token | 访问令牌 access_token |
请求头:
| 参数名 | 描述 |
|---|---|
| Authorization | 应用的凭证,参数值为 Basic {Auth} 其中 {Auth} 为经过 base64 编码的 client_id 和 client_secret,即 base64_encode(client_id:client_secret) |
请求示例:
http
GET http://IP:PORT/sso/oauth2.0/introspect
Authorization: Basic Y2xpZW50aWQ6c2VjcmV0
Content-Type: application/x-www-form-urlencoded
token=AT-80-YwO-UIy7ZkDaNHPQRZv5WE8nSFsBiOn7响应示例:
json
{
"token": "AT-2-43dmL9VPWjK0v-ghzdX7hm4VKZgKRpCJ",
"active": true,
"sub": "systemManager",
"scope": "CAS",
"iat": 1711338036,
"exp": 1711366836,
"realmName": "y9AuthenticationHandler",
"uniqueSecurityName": "systemManager",
"tokenType": "Bearer",
"aud": "clientid",
"attr": "{\"oauthClientId\":\"clientid\",\"loginType\":\"loginName\",\"roles\":\"\",\"org.apereo.cas.validation.Assertion\":{\"primaryAuthentication\":{\"@class\":\"org.apereo.cas.authentication.DefaultAuthentication\",\"authenticationDate\":\"2024-03-25T03:31:48.413487Z\",\"principal\":{\"@class\":\"org.apereo.cas.authentication.principal.SimplePrincipal\",\"id\":\"systemManager\",\"attributes\":{\"avator\":[\"\"],\"caid\":[\"\"],\"dn\":[\"cn=系统管理员,o=虚拟组织\"],\"email\":[\"\"],\"globalManager\":[true],\"guidPath\":[\"1598723782640406528,1598723782690738176\"],\"idNum\":[\"\"],\"loginName\":[\"systemManager\"],\"loginType\":[\"loginName\"],\"managerLevel\":[1],\"mobile\":[\"13111112222\"],\"name\":[\"系统管理员\"],\"original\":[true],\"originalId\":[\"\"],\"parentId\":[\"1598723782640406528\"],\"password\":[\"$2a$10$gCFWPLF35jyJ4P.5kN1siO.lC0lW/Dg/RMAFvjgq4uLJLYx.CxYHm\"],\"personId\":[\"1598723782690738176\"],\"personType\":[\"deptPerson\"],\"positionId\":[\"\"],\"positions\":[\"\"],\"roles\":[\"\"],\"sex\":[1],\"tenantId\":[\"11111111-1111-1111-1111-111111111113\"],\"tenantName\":[\"default\"],\"tenantShortName\":[\"default\"]}},\"warnings\":[],\"credentials\":[{\"@class\":\"org.apereo.cas.authentication.metadata.BasicCredentialMetaData\",\"id\":\"//5zAHkAcwB0AGUAbQBNAGEAbgBhAGcAZQByAA==\",\"credentialClass\":\"org.apereo.cas.authentication.credential.RememberMeUsernamePasswordCredential\",\"properties\":{}},{\"@class\":\"org.apereo.cas.authentication.metadata.BasicCredentialMetaData\",\"id\":\"systemManager\",\"credentialClass\":\"org.apereo.cas.authentication.credential.RememberMeUsernamePasswordCredential\",\"properties\":{\"UserAgent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0\",\"GeoLocation\":{\"latitude\":null,\"longitude\":null,\"accuracy\":null,\"timestamp\":null,\"valid\":false}}}],\"attributes\":{\"credentialType\":[\"RememberMeUsernamePasswordCredential\"],\"clientIpAddress\":[\"0:0:0:0:0:0:0:1\"],\"authenticationDate\":[1711337508],\"authenticationMethod\":[\"y9AuthenticationHandler\"],\"successfulAuthenticationHandlers\":[\"y9AuthenticationHandler\"],\"serverIpAddress\":[\"127.0.0.1\"],\"userAgent\":[\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0\"],\"isFromNewLogin\":[true],\"longTermAuthenticationRequestTokenUsed\":[false]},\"successes\":{\"y9AuthenticationHandler\":{\"@class\":\"org.apereo.cas.authentication.DefaultAuthenticationHandlerExecutionResult\",\"handlerName\":\"y9AuthenticationHandler\",\"credentialMetaData\":{\"@class\":\"org.apereo.cas.authentication.metadata.BasicCredentialMetaData\",\"id\":\"systemManager\",\"credentialClass\":\"org.apereo.cas.authentication.credential.RememberMeUsernamePasswordCredential\",\"properties\":{}},\"principal\":{\"@class\":\"org.apereo.cas.authentication.principal.SimplePrincipal\",\"id\":\"systemManager\",\"attributes\":{}},\"warnings\":[]}},\"failures\":{}},\"originalAuthentication\":{\"@class\":\"org.apereo.cas.authentication.DefaultAuthentication\",\"authenticationDate\":\"2024-03-25T03:31:48.413487Z\",\"principal\":{\"@class\":\"org.apereo.cas.authentication.principal.SimplePrincipal\",\"id\":\"systemManager\",\"attributes\":{\"avator\":[\"\"],\"caid\":[\"\"],\"dn\":[\"cn=系统管理员,o=虚拟组织\"],\"email\":[\"\"],\"globalManager\":[true],\"guidPath\":[\"1598723782640406528,1598723782690738176\"],\"idNum\":[\"\"],\"loginName\":[\"systemManager\"],\"loginType\":[\"loginName\"],\"managerLevel\":[1],\"mobile\":[\"13111112222\"],\"name\":[\"系统管理员\"],\"original\":[true],\"originalId\":[\"\"],\"parentId\":[\"1598723782640406528\"],\"password\":[\"$2a$10$gCFWPLF35jyJ4P.5kN1siO.lC0lW/Dg/RMAFvjgq4uLJLYx.CxYHm\"],\"personId\":[\"1598723782690738176\"],\"personType\":[\"deptPerson\"],\"positionId\":[\"\"],\"positions\":[\"\"],\"roles\":[\"\"],\"sex\":[1],\"tenantId\":[\"11111111-1111-1111-1111-111111111113\"],\"tenantName\":[\"default\"],\"tenantShortName\":[\"default\"]}},\"warnings\":[],\"credentials\":[{\"@class\":\"org.apereo.cas.authentication.metadata.BasicCredentialMetaData\",\"id\":\"//5zAHkAcwB0AGUAbQBNAGEAbgBhAGcAZQByAA==\",\"credentialClass\":\"org.apereo.cas.authentication.credential.RememberMeUsernamePasswordCredential\",\"properties\":{}},{\"@class\":\"org.apereo.cas.authentication.metadata.BasicCredentialMetaData\",\"id\":\"systemManager\",\"credentialClass\":\"org.apereo.cas.authentication.credential.RememberMeUsernamePasswordCredential\",\"properties\":{\"UserAgent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0\",\"GeoLocation\":{\"latitude\":null,\"longitude\":null,\"accuracy\":null,\"timestamp\":null,\"valid\":false}}}],\"attributes\":{\"credentialType\":[\"RememberMeUsernamePasswordCredential\"],\"clientIpAddress\":[\"0:0:0:0:0:0:0:1\"],\"authenticationDate\":[1711337508],\"authenticationMethod\":[\"y9AuthenticationHandler\"],\"successfulAuthenticationHandlers\":[\"y9AuthenticationHandler\"],\"serverIpAddress\":[\"127.0.0.1\"],\"userAgent\":[\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0\"]},\"successes\":{\"y9AuthenticationHandler\":{\"@class\":\"org.apereo.cas.authentication.DefaultAuthenticationHandlerExecutionResult\",\"handlerName\":\"y9AuthenticationHandler\",\"credentialMetaData\":{\"@class\":\"org.apereo.cas.authentication.metadata.BasicCredentialMetaData\",\"id\":\"systemManager\",\"credentialClass\":\"org.apereo.cas.authentication.credential.RememberMeUsernamePasswordCredential\",\"properties\":{}},\"principal\":{\"@class\":\"org.apereo.cas.authentication.principal.SimplePrincipal\",\"id\":\"systemManager\",\"attributes\":{}},\"warnings\":[]}},\"failures\":{}},\"chainedAuthentications\":[{\"@class\":\"org.apereo.cas.authentication.DefaultAuthentication\",\"authenticationDate\":\"2024-03-25T03:31:48.413487Z\",\"principal\":{\"@class\":\"org.apereo.cas.authentication.principal.SimplePrincipal\",\"id\":\"systemManager\",\"attributes\":{\"avator\":[\"\"],\"caid\":[\"\"],\"dn\":[\"cn=系统管理员,o=虚拟组织\"],\"email\":[\"\"],\"globalManager\":[true],\"guidPath\":[\"1598723782640406528,1598723782690738176\"],\"idNum\":[\"\"],\"loginName\":[\"systemManager\"],\"loginType\":[\"loginName\"],\"managerLevel\":[1],\"mobile\":[\"13111112222\"],\"name\":[\"系统管理员\"],\"original\":[true],\"originalId\":[\"\"],\"parentId\":[\"1598723782640406528\"],\"password\":[\"$2a$10$gCFWPLF35jyJ4P.5kN1siO.lC0lW/Dg/RMAFvjgq4uLJLYx.CxYHm\"],\"personId\":[\"1598723782690738176\"],\"personType\":[\"deptPerson\"],\"positionId\":[\"\"],\"positions\":[\"\"],\"roles\":[\"\"],\"sex\":[1],\"tenantId\":[\"11111111-1111-1111-1111-111111111113\"],\"tenantName\":[\"default\"],\"tenantShortName\":[\"default\"]}},\"warnings\":[],\"credentials\":[{\"@class\":\"org.apereo.cas.authentication.metadata.BasicCredentialMetaData\",\"id\":\"//5zAHkAcwB0AGUAbQBNAGEAbgBhAGcAZQByAA==\",\"credentialClass\":\"org.apereo.cas.authentication.credential.RememberMeUsernamePasswordCredential\",\"properties\":{}},{\"@class\":\"org.apereo.cas.authentication.metadata.BasicCredentialMetaData\",\"id\":\"systemManager\",\"credentialClass\":\"org.apereo.cas.authentication.credential.RememberMeUsernamePasswordCredential\",\"properties\":{\"UserAgent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0\",\"GeoLocation\":{\"latitude\":null,\"longitude\":null,\"accuracy\":null,\"timestamp\":null,\"valid\":false}}}],\"attributes\":{\"credentialType\":[\"RememberMeUsernamePasswordCredential\"],\"clientIpAddress\":[\"0:0:0:0:0:0:0:1\"],\"authenticationDate\":[1711337508],\"authenticationMethod\":[\"y9AuthenticationHandler\"],\"successfulAuthenticationHandlers\":[\"y9AuthenticationHandler\"],\"serverIpAddress\":[\"127.0.0.1\"],\"userAgent\":[\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0\"]},\"successes\":{\"y9AuthenticationHandler\":{\"@class\":\"org.apereo.cas.authentication.DefaultAuthenticationHandlerExecutionResult\",\"handlerName\":\"y9AuthenticationHandler\",\"credentialMetaData\":{\"@class\":\"org.apereo.cas.authentication.metadata.BasicCredentialMetaData\",\"id\":\"systemManager\",\"credentialClass\":\"org.apereo.cas.authentication.credential.RememberMeUsernamePasswordCredential\",\"properties\":{}},\"principal\":{\"@class\":\"org.apereo.cas.authentication.principal.SimplePrincipal\",\"id\":\"systemManager\",\"attributes\":{}},\"warnings\":[]}},\"failures\":{}}],\"fromNewLogin\":true,\"service\":{\"@class\":\"org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl\",\"id\":\"http://localhost:7070/demo/org\",\"originalUrl\":\"http://localhost:7070/demo/org\",\"artifactId\":null,\"principal\":\"systemManager\",\"source\":\"service\",\"loggedOutAlready\":false,\"format\":\"XML\",\"attributes\":{\"service\":[\"http://localhost:7055/sso/oauth2.0/callbackAuthorize?client_id=clientid&redirect_uri=http%3A%2F%2Flocalhost%3A7070%2Fdemo%2Forg&response_type=code&client_name=CasOAuthClient\"],\"response_type\":[\"code\"],\"redirect_uri\":[\"http://localhost:7070/demo/org\"],\"client_name\":[\"CasOAuthClient\"],\"client_id\":[\"clientid\"]}},\"registeredService\":{\"@class\":\"org.apereo.cas.support.oauth.services.OAuthRegisteredService\",\"serviceId\":\"^(https?)://.*\",\"name\":\"oauthServiceDemo\",\"theme\":\"y9-apereo\",\"id\":1,\"description\":\"oauth Authentication app demo\",\"evaluationOrder\":1002,\"attributeReleasePolicy\":{\"@class\":\"org.apereo.cas.services.ReturnAllAttributeReleasePolicy\",\"authorizedToReleaseCredentialPassword\":true,\"authorizedToReleaseProxyGrantingTicket\":true},\"logoutUrl\":\"http://localhost:7055/oauth/public/oauth/callback\",\"clientSecret\":\"secret\",\"clientId\":\"clientid\",\"bypassApprovalPrompt\":true,\"generateRefreshToken\":true,\"renewRefreshToken\":true,\"supportedGrantTypes\":[\"refresh_token\",\"password\",\"client_credentials\",\"authorization_code\"],\"supportedResponseTypes\":[\"code\",\"token\"]},\"context\":{\"org.apereo.cas.ticket.TicketGrantingTicket\":\"TGT-1-LZcFE8ouDeZdi-qX0uf1gcXGDCQfWes4dC0AqXqR7AUND-vRHUfhLTqxe5gLpRYJr8U-Tobins-Mac-Studio\"}},\"dn\":\"cn=系统管理员,o=虚拟组织\",\"managerLevel\":1,\"password\":\"$2a$10$gCFWPLF35jyJ4P.5kN1siO.lC0lW/Dg/RMAFvjgq4uLJLYx.CxYHm\",\"globalManager\":true,\"tenantName\":\"default\",\"org.apereo.cas.authentication.Authentication\":{\"authenticationDate\":\"2024-03-25T03:31:48.413487Z\",\"principal\":{\"@class\":\"org.apereo.cas.authentication.principal.SimplePrincipal\",\"id\":\"systemManager\",\"attributes\":{\"avator\":[\"\"],\"caid\":[\"\"],\"dn\":[\"cn=系统管理员,o=虚拟组织\"],\"email\":[\"\"],\"globalManager\":[true],\"guidPath\":[\"1598723782640406528,1598723782690738176\"],\"idNum\":[\"\"],\"loginName\":[\"systemManager\"],\"loginType\":[\"loginName\"],\"managerLevel\":[1],\"mobile\":[\"13111112222\"],\"name\":[\"系统管理员\"],\"original\":[true],\"originalId\":[\"\"],\"parentId\":[\"1598723782640406528\"],\"password\":[\"$2a$10$gCFWPLF35jyJ4P.5kN1siO.lC0lW/Dg/RMAFvjgq4uLJLYx.CxYHm\"],\"personId\":[\"1598723782690738176\"],\"personType\":[\"deptPerson\"],\"positionId\":[\"\"],\"positions\":[\"\"],\"roles\":[\"\"],\"sex\":[1],\"tenantId\":[\"11111111-1111-1111-1111-111111111113\"],\"tenantName\":[\"default\"],\"tenantShortName\":[\"default\"]}},\"warnings\":[],\"credentials\":[{\"@class\":\"org.apereo.cas.authentication.metadata.BasicCredentialMetaData\",\"id\":\"//5zAHkAcwB0AGUAbQBNAGEAbgBhAGcAZQByAA==\",\"credentialClass\":\"org.apereo.cas.authentication.credential.RememberMeUsernamePasswordCredential\",\"properties\":{}},{\"@class\":\"org.apereo.cas.authentication.metadata.BasicCredentialMetaData\",\"id\":\"systemManager\",\"credentialClass\":\"org.apereo.cas.authentication.credential.RememberMeUsernamePasswordCredential\",\"properties\":{\"UserAgent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0\",\"GeoLocation\":{\"latitude\":null,\"longitude\":null,\"accuracy\":null,\"timestamp\":null,\"valid\":false}}}],\"attributes\":{\"credentialType\":[\"RememberMeUsernamePasswordCredential\"],\"clientIpAddress\":[\"0:0:0:0:0:0:0:1\"],\"authenticationDate\":[1711337508],\"authenticationMethod\":[\"y9AuthenticationHandler\"],\"successfulAuthenticationHandlers\":[\"y9AuthenticationHandler\"],\"serverIpAddress\":[\"127.0.0.1\"],\"userAgent\":[\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0\"]},\"successes\":{\"y9AuthenticationHandler\":{\"@class\":\"org.apereo.cas.authentication.DefaultAuthenticationHandlerExecutionResult\",\"handlerName\":\"y9AuthenticationHandler\",\"credentialMetaData\":{\"@class\":\"org.apereo.cas.authentication.metadata.BasicCredentialMetaData\",\"id\":\"systemManager\",\"credentialClass\":\"org.apereo.cas.authentication.credential.RememberMeUsernamePasswordCredential\",\"properties\":{}},\"principal\":{\"@class\":\"org.apereo.cas.authentication.principal.SimplePrincipal\",\"id\":\"systemManager\",\"attributes\":{}},\"warnings\":[]}},\"failures\":{}},\"caid\":\"\",\"loginName\":\"systemManager\",\"personType\":\"deptPerson\",\"idNum\":\"\",\"org.apereo.cas.ticket.TicketGrantingTicket\":\"TGT-1-LZcFE8ouDeZdi-qX0uf1gcXGDCQfWes4dC0AqXqR7AUND-vRHUfhLTqxe5gLpRYJr8U-Tobins-Mac-Studio\",\"email\":\"\",\"original\":true,\"sex\":1,\"guidPath\":\"1598723782640406528,1598723782690738176\",\"mobile\":\"13111112222\",\"positions\":\"\",\"org.apereo.cas.services.RegisteredService\":{\"serviceId\":\"^(https?)://.*\",\"name\":\"oauthServiceDemo\",\"theme\":\"y9-apereo\",\"id\":1,\"description\":\"oauth Authentication app demo\",\"evaluationOrder\":1002,\"attributeReleasePolicy\":{\"@class\":\"org.apereo.cas.services.ReturnAllAttributeReleasePolicy\",\"authorizedToReleaseCredentialPassword\":true,\"authorizedToReleaseProxyGrantingTicket\":true},\"logoutUrl\":\"http://localhost:7055/oauth/public/oauth/callback\",\"clientSecret\":\"secret\",\"clientId\":\"clientid\",\"bypassApprovalPrompt\":true,\"generateRefreshToken\":true,\"renewRefreshToken\":true,\"supportedGrantTypes\":[\"refresh_token\",\"password\",\"client_credentials\",\"authorization_code\"],\"supportedResponseTypes\":[\"code\",\"token\"]},\"parentId\":\"1598723782640406528\",\"positionId\":\"\",\"name\":\"系统管理员\",\"tenantId\":\"11111111-1111-1111-1111-111111111113\",\"avator\":\"\",\"personId\":\"1598723782690738176\",\"originalId\":\"\",\"tenantShortName\":\"default\"}",
"client_id": "clientid",
"grant_type": "refresh_token"
}