我可以从理论上回答你的问题：

I can just answer your questions in theory:

那么为什么来自/ oauth / token的OPTIONS请求具有401状态，即使它不应该？它不会让我们授权自己，因为它遇到了OPTIONS请求，我们无法添加授权头。

So why is that an OPTIONS request from /oauth/token responses with 401 status even when it shouldn't? It won't let us authorize ourselves because it get's stuck at OPTIONS request in which we can't add authorization header.

这是因为 AuthServer的默认配置仅允许令牌端点处的完全身份验证的请求。

This is because the default configuration of the AuthServer is to allow only a fully authenticated request at the token endpoint.

在您的资源服务器中，您允许所有请求发生，而不进行身份验证，使用： http.authorizeRequests（）。anyRequest（）。permitAll（）;

In your Resource server, you allow all requests to happen without authentication with this: http.authorizeRequests().anyRequest().permitAll();

我试图解决这种情况，例如这里，但我不能让我为我工作。

I tried to solve this circumstance like mentioned here, but I couldn't get that working for me.

为了完整性我也提到这里，必须添加 CorsFilter 添加正确的标题到OPTIONS预检请求。

Just for completeness I also mention here, that you have to add a CorsFilter to add the correct Headers to the OPTIONS preflight request.

我也问了一个非常类似的问题，所以也许如果我的答案，你是能够解决你的问题，以及与这些信息。

I also asked a very similar question, so maybe if mine gets answered, you are capable of solving your problem as well with these informations.