if (!(principal instanceof Authentication)) { thrownew InsufficientAuthenticationException( "There is no client authentication. Try adding an appropriate authentication filter."); } //获取clientId String clientId = getClientId(principal); //获取第三方应用的详细配置信息 ClientDetails authenticatedClient = getClientDetailsService().loadClientByClientId(clientId); //使用第三方应用信息创建TokenRequest TokenRequest tokenRequest = getOAuth2RequestFactory().createTokenRequest(parameters, authenticatedClient); //有没有传clientId if (clientId != null && !clientId.equals("")) { // Only validate the client details if a client authenticated during this // request. //与配置里面的是否匹配 if (!clientId.equals(tokenRequest.getClientId())) { // double check to make sure that the client ID in the token request is the same as that in the // authenticated client thrownew InvalidClientException("Given client ID does not match authenticated client"); } } if (authenticatedClient != null) { //检查scope oAuth2RequestValidator.validateScope(tokenRequest, authenticatedClient); } //grant_type是否存在值,对应四种授权模式和刷新token if (!StringUtils.hasText(tokenRequest.getGrantType())) { thrownew InvalidRequestException("Missing grant type"); } //是否简化模式 if (tokenRequest.getGrantType().equals("implicit")) { thrownew InvalidGrantException("Implicit grant type not supported from token endpoint"); } //是否是授权码模式 if (isAuthCodeRequest(parameters)) { // The scope was requested or determined during the authorization step if (!tokenRequest.getScope().isEmpty()) { logger.debug("Clearing scope of incoming token request"); //如果是授权码模式scope设置为空,根据获取code时的scope设置 tokenRequest.setScope(Collections.<String> emptySet()); } } //是否刷新令牌 if (isRefreshTokenRequest(parameters)) { // A refresh token has its own default scopes, so we should ignore any added by the factory here. //设置scope tokenRequest.setScope(OAuth2Utils.parseParameterList(parameters.get(OAuth2Utils.SCOPE))); } //获取OAuth2AccessToken OAuth2AccessToken token = getTokenGranter().grant(tokenRequest.getGrantType(), tokenRequest); if (token == null) { thrownew UnsupportedGrantTypeException("Unsupported grant type: " + tokenRequest.getGrantType()); }