我只能从理论上回答你的问题:

I can just answer your questions in theory:

那么为什么来自/oauth/token 的 OPTIONS 请求响应具有 401 状态，即使它不应该?它不会让我们授权自己，因为它卡在我们无法添加授权标头的 OPTIONS 请求中.

So why is that an OPTIONS request from /oauth/token responses with 401 status even when it shouldn't? It won't let us authorize ourselves because it get's stuck at OPTIONS request in which we can't add authorization header.

这是因为 AuthServer 的默认配置 是只允许在令牌端点进行完全身份验证的请求.

This is because the default configuration of the AuthServer is to allow only a fully authenticated request at the token endpoint.

在您的资源服务器中，您允许所有请求在没有身份验证的情况下发生:http.authorizeRequests().anyRequest().permitAll();

In your Resource server, you allow all requests to happen without authentication with this: http.authorizeRequests().anyRequest().permitAll();

我试图解决这种情况，就像这里提到的here，但我无法让它为我工作.

I tried to solve this circumstance like mentioned here, but I couldn't get that working for me.

为了完整起见，我也在这里提到，你必须添加一个 CorsFilter 将正确的标题添加到 OPTIONS 预检请求中.

Just for completeness I also mention here, that you have to add a CorsFilter to add the correct Headers to the OPTIONS preflight request.

我也问了一个非常相似的问题，所以也许如果我的问题得到解答，您也可以使用这些信息解决您的问题.

I also asked a very similar question, so maybe if mine gets answered, you are capable of solving your problem as well with these informations.