From 5c33c833916720fc7cd9ab88531292555eca8abf Mon Sep 17 00:00:00 2001
From: ziy <1936893077@qq.com>
Date: Sun, 13 Jul 2025 14:39:06 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9ClientIdSecretModel=E7=9A=84?=
 =?UTF-8?q?=E8=AF=BB=E5=8F=96=E6=9E=84=E5=BB=BA=E9=80=BB=E8=BE=91?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../resolver/SaOAuth2DataResolverDefaultImpl.java  | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/resolver/SaOAuth2DataResolverDefaultImpl.java b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/resolver/SaOAuth2DataResolverDefaultImpl.java
index 423d9e0c..9d8dba77 100644
--- a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/resolver/SaOAuth2DataResolverDefaultImpl.java
+++ b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/resolver/SaOAuth2DataResolverDefaultImpl.java
@@ -51,14 +51,22 @@ public class SaOAuth2DataResolverDefaultImpl implements SaOAuth2DataResolver {
     @Override
     public ClientIdAndSecretModel readClientIdAndSecret(SaRequest request) {
         // 优先从请求参数中获取
-        String clientId = request.getParam(Param.client_id);
-        String clientSecret = request.getParam(Param.client_secret);
+        String clientId = request.getParam(SaOAuth2Consts.Param.client_id);
+        String clientSecret = request.getParam(SaOAuth2Consts.Param.client_secret);
+        String authorizationValue = SaHttpBasicUtil.getAuthorizationValue();
         if(SaFoxUtil.isNotEmpty(clientId)) {
+            // 如果请求参数中没有提供 client_secret 参数，则尝试从 Authorization 中获取
+            // 防止请求参数只存在client_id，而client_secret只存在Authorization中的场景导致的获取client_secret失败
+            if (SaFoxUtil.isEmpty(clientSecret) && SaFoxUtil.isNotEmpty(authorizationValue)) {
+                int index = authorizationValue.indexOf(StrUtil.COLON);
+                if (index >= 0) {
+                    clientSecret = authorizationValue.substring(index + 1);
+                }
+            }
             return new ClientIdAndSecretModel(clientId, clientSecret);
         }
 
         // 如果请求参数中没有提供 client_id 参数，则尝试从 Authorization 中获取
-        String authorizationValue = SaHttpBasicUtil.getAuthorizationValue();
         if(SaFoxUtil.isNotEmpty(authorizationValue)) {
             String[] arr = authorizationValue.split(":");
             clientId = arr[0];
-- 
Gitee