OAuth2 Password Grant Type with Client

2018-06-30 11:07:15

I am developing an app to access its own resources via Rest endpoints.

Users are required to acquire access token via email/password. After completed Authentication server configuration, I had this observation:

With:

curl client:secret@localhost:9999/uaa/oauth/token -d grant_type=password -d username=user -d password=password

I am getting the correct response:

{"access_token":"7541a4f6-e841-41a0-8a54-abf8e0666ed1","token_type":"bearer","refresh_token":"d3fdd7e3-53eb-4e7b-aa45-b524a9e7b316","expires_in":43199,"scope":"openid"}

However With:

curl http://localhost:9999/uaa/oauth/token -d grant_type=password -d username=user -d password=password -d client_id=client -d client_secret=secret

I am getting the following error:

DEBUG 4123 --- [nio-9999-exec-7] osswaExceptionTranslationFilter : Access is denied (user is anonymous); redirecting to authentication entry point

org.springframework.security.access.AccessDeniedException: Access is denied at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83)

It looks like the client_id & client_secret are not being recognized when send as parameters. Is this a configuration issue or to do with the version of OAuth2 I am using ( spring-security-oauth2 , 2.0.5.RELEASE )

A lot of example I come across on the Internet suggest approach one should work with OAuth2.

Thanks :)

There's no method of authenticating the Client against the Authorization Server that is mandatory to implement by spec. Two methods that have been specified that MAY be supported are the HTTP Basic Authentication pattern and the HTTP POST parameter pattern that you've used in your examples. Apparently Spring supports only the first, which seems to be supported by the docs at: http://projects.spring.io/spring-security-oauth/docs/oauth2.html

链接地址: http://www.djcxy.com/p/84996.html

上一篇: 如何保持评论

下一篇: 具有客户端的OAuth2密码格式类型