All geek questions in one place

Spring Oauth2 Security Grant Owner Resource Credentials

Installed only spring oauth2 security in my eclipse environment. The service trying to implement will be consumed by third-party users through installed applications, so I decided to use the type of password provision. According to my understanding of Oauth2, the following request should work for the demo sparklr2 service without the need for me to specify username and password parameters. i.e

POST http://localhost:8080/sparklr2/oauth/token?grant_type=password&client_id=my-trusted-client&scope=trust&username=marissa&password=koala

but i keep getting

<oauth>
<error_description>
Full authentication is required to access this resource
</error_description>
<error>unauthorized</error>
</oauth>

Am I missing something in this request or do I need to include something in the repo

+4
source share
2 answers

, Spring OAuth2 OAuth2. OAuth2: http://tools.ietf.org/html/rfc6749#section-4.3.2, , , , ( ).

, ( auth), , , ( ).

sparklr2 my-trusted-client , .

, my-trusted-client-with-secret:

curl -u my-trusted-client-with-secret:somesecret "http://localhost:8080/sparklr2/oauth/token?grant_type=password&username=marissa&password=koala"
+6

, .

, Spring OAuth , .

- . Yout , AuthorizationServerConfigurerAdapter:

@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {    
        clients.inMemory()
            .withClient("clientId")
            .authorizedGrantTypes("password")
            .authorities("ROLE_CLIENT")
            .scopes("read");
    }
 }

, HTTP client_id POST.

, :

@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
    oauthServer.allowFormAuthenticationForClients();
}

, , - Stormpath

POST http://localhost:8080/sparklr2/oauth/token?grant_type=password&client_id=clientId&scope=read&username=marissa&password=koala
+5

Source: https://habr.com/ru/post/1548078/

More articles:


All Articles