Java Spring Security OAuth2:通过 POST 接受客户端凭据

我有一个相当基本的 Spring Boot 设置，我已经安装了 Spring Security，并且我已经成功地设置了 OAuth2 来保护我的 API.

I have a fairly basic Spring Boot setup and I have installed Spring Security and I have managed to successfully set up OAuth2 to protect my API.

几天前我遇到了一些麻烦，提出(并回答)了一个关于点击我的>/oauth/token 终点.我很快发现问题在于我试图在我的 POST 请求正文中发送我的客户端凭据，但在 Spring Security 中配置了令牌端点以接受客户端凭据(client_id 和 secret) 改为通过 HTTP 基本身份验证.

I had some trouble a few days back and asked (and answered) a question with regards to hitting my /oauth/token end point. I soon figured out that the problem was that I was trying to send my client credentials in the body of my POST request but the token end point is configured in Spring Security to accept the client credentials (client_id and secret) via HTTP Basic Auth instead.

我使用 OAuth2 API 的大部分经验都涉及在 POST 请求正文中发送客户端凭据，我想知道是否可以将 Spring Security 配置为以相同方式运行?

Most of my experience with consuming OAuth2 APIs has involved sending client credentials in the body of the POST request and I was wondering if it was possible to configure Spring Security to function in the same way?

我尝试了一些不同的东西但没有成功，比如设置以下配置选项，但我觉得这可能只在配置 OAuth2 客户端时使用:

I've tried a few different things with no success, like setting the following configuration option, but I feel like that might only be used when configuring an OAuth2 client:

security.oauth2.client.clientAuthenticationScheme=form

这是我的授权服务器配置.

This is my Authorization server configuration.

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.approval.UserApprovalHandler;
import org.springframework.security.oauth2.provider.token.TokenStore;

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
    @Autowired
    private TokenStore tokenStore;

    @Autowired
    private UserApprovalHandler userApprovalHandler;

    @Autowired
    @Qualifier("authenticationManagerBean")
    private AuthenticationManager authenticationManager;

    @Autowired
    private PasswordEncoder passwordEncoder;

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                .withClient("client_id")
                .secret("secret")
                .authorizedGrantTypes("password", "authorization_code", "refresh_token")
                .scopes("read", "write")
                .accessTokenValiditySeconds(600)
                .refreshTokenValiditySeconds(3600);
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.tokenStore(this.tokenStore)
                .userApprovalHandler(this.userApprovalHandler)
                .authenticationManager(this.authenticationManager);
    }

    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) {
        security.tokenKeyAccess("permitAll()")
                .checkTokenAccess("isAuthenticated()")
                .passwordEncoder(this.passwordEncoder);
    }
}