I am developing an application to access my own resources through REST endpoints.
Users must receive an access token via email / password. After completing the authentication server configuration, I had this observation:
With:
curl client:secret@localhost:9999/uaa/oauth/token -d grant_type=password -d username=user -d password=password
I get the correct answer:
{"access_token":"7541a4f6-e841-41a0-8a54-abf8e0666ed1","token_type":"bearer","refresh_token":"d3fdd7e3-53eb-4e7b-aa45-b524a9e7b316","expires_in":43199,"scope":"openid"}
However, with:
curl http://localhost:9999/uaa/oauth/token -d grant_type=password -d username=user -d password=password -d client_id=client -d client_secret=secret
I get the following error:
DEBUG 4123 --- [nio-9999-exec-7] o.s.s.w.a.ExceptionTranslationFilter : Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
    at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83)
It seems that client_id and client_secret are not recognized when sent as parameters. Is this a configuration issue, or is it related to the version of OAuth2 that I am using (spring-security-oauth2, 2.0.5.RELEASE)?
Many of the examples I come across on the Internet offer an approach that should work with OAuth2.
Thanks :)
Jiandong chen
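An added example, not part of the original post: a spring-security-oauth2 authorization server configuration in which the token endpoint also accepts `client_id` and `client_secret` as form parameters, which by default it does not (only HTTP Basic is accepted, as in the first curl call). It assumes the server uses the `@EnableAuthorizationServer` Java configuration; the class name `ExampleAuthServerConfig` and the in-memory client definition are assumptions modelled on the values in the question.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;

// Hypothetical class name; the client below mirrors the question's curl calls.
@Configuration
@EnableAuthorizationServer
public class ExampleAuthServerConfig extends AuthorizationServerConfigurerAdapter {

    // Needed for the password grant; assumed to be exposed as a bean elsewhere.
    @Autowired
    private AuthenticationManager authenticationManager;

    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        // Without this call only HTTP Basic client authentication is accepted on
        // /oauth/token, so a request carrying client_id/client_secret in the body
        // is treated as anonymous and rejected.
        // RFC 6749 section 2.3.1 marks request-body client credentials as
        // NOT RECOMMENDED; enable this only for clients that cannot send Basic auth.
        security.allowFormAuthenticationForClients();
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
            .withClient("client")
            .secret("secret")
            .authorizedGrantTypes("password", "refresh_token")
            .scopes("openid");
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.authenticationManager(authenticationManager);
    }
}
```

Whichever form the client uses, the token endpoint should only be reachable over TLS, since both forms send the client secret and the user's password in recoverable form.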