Multiple scope request in Spring Security Oauth2 version 2.0.7.RELEASE
We have an application that uses spring-security-oauth2:1.0. I tried to change it to a newer version, spring-security-oauth2:2.0.7.RELEASE. If I do not specify a scope, or if I specify one single scope, the application works fine. I have a problem when requesting multiple scopes such as read,write, which used to work in the previous version.

The client I am requesting has all permissions: read, write and trust.

When I used spring-security-oauth2:1.0, to get the token I used to make the call like

If you see the scope parameter scope=read,write, asking this way I used to get a token with the scopes read and write.

If I try to do the same with the Oauth2 version 2.0.7.RELEASE (with a POST request, though), I get an Invalid Scope exception because the tokenRequest accepts read,write as one scope. The client I am requesting has the permissions read, write and trust, but read,write is not one of them.

If I try with scope=write or scope=read, it works great because read or write are part of the client's scope.

If I want to request multiple scopes in OAuth2 2.0.7.RELEASE, how do I do it?
I found the right way to do this. Instead of comma-separated scopes, you should use + to separate scopes.

Example: read+write, write+trust

So the following POST request worked fine.

http://localhost:8080/oauth/token?grant_type=password&client_id=ws&client_secret=secret&scope=read+write&username=user@abc.com&password=temp123
I hope this helps others :)
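Why + works where the comma does not, as an added example that is not part of the original posts and is not Spring Security OAuth's code: RFC 6749 section 3.3 defines scope as a space-delimited list, and + is how a space is written in form-encoded data. The client scope set and all function names below are assumptions made for illustration.

```python
from urllib.parse import parse_qs, urlencode

# Constructed sample: scopes registered for the client in the question.
CLIENT_SCOPES = {"read", "write", "trust"}


class InvalidScope(ValueError):
    """Raised when a requested scope is not registered for the client."""


def build_token_body(scopes, **params):
    """Client side: join scopes with a space; urlencode() emits it as '+'."""
    return urlencode({**params, "scope": " ".join(scopes)})


def requested_scopes(body):
    """Server side: form-decode the body, then split scope on whitespace only."""
    values = parse_qs(body, keep_blank_values=True).get("scope", [""])
    return set(values[0].split())


def check_scopes(body, allowed=CLIENT_SCOPES):
    """Return the requested scopes, or raise if any is outside the client's set."""
    asked = requested_scopes(body)
    unknown = asked - allowed
    if unknown:
        raise InvalidScope(f"Invalid scope: {sorted(unknown)}")
    return asked


if __name__ == "__main__":
    ok = build_token_body(["read", "write"], grant_type="password", client_id="ws")
    print(ok, "->", sorted(check_scopes(ok)))
    try:
        # The comma form decodes to the single token "read,write".
        check_scopes("grant_type=password&client_id=ws&scope=read,write")
    except InvalidScope as exc:
        print("comma form rejected:", exc)
```

Sending the parameters in a form-encoded POST body, as build_token_body does, gives the same scope parsing as the query string while keeping client_secret and password out of the URL.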