Our stack uses Backbone as our client application and Spring Boot as a RESTful API.
We are trying to perform basic authentication using OAuth2 with a username and password.
We use Spring Security for authentication and the jQuery $ .ajax method for queries. However, the answer we get is 401 (unauthorized) status in the OPTIONS preprofessional request, before we can even authorize the POST header with our secret. However, we can ALMOST or GET any other resource without any problems. The server response for the OPTIONS request is 200 (ok), and then it follows the POST request.
So why is it an OPTIONS request from / oauth / token responses with 401 status, even if it shouldn't? This will not allow us to log in, because it is stuck in an OPTIONS request, in which we cannot add an authorization header.
Here's how we handle requests on the interface:
$.ajax({ url: "http://localhost:8080/oauth/token", type: "POST", beforeSend: function(xhr) { xhr.setRequestHeader("Authorization", "Basic Y2xpZW50YXBwOjEyMzQ1Ng=="); }, data: { password: "qwerty", username: "jkowalski", grant_type: "password" } });
This is our OAuth2 config:
@Configuration public class OAuth2ServerConfiguration { private static final String RESOURCE_ID = "restservice"; @Configuration @EnableResourceServer protected static class ResourceServerConfiguration extends ResourceServerConfigurerAdapter { [...] @Override public void configure(HttpSecurity http) throws Exception { http.csrf().disable(); http .authorizeRequests() .anyRequest().permitAll(); } } [...] @Configuration @EnableAuthorizationServer protected static class OAuth2AuthorizationConfig extends AuthorizationServerConfigurerAdapter { @Override public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
source share