ResourceOwnerPasswordResourceDetails - pass client and secret to generate oauth2 token

I followed the accepted answer mentioned in this question to generate an OAuth2 token. However, I am getting an HTTP 401 response. When I debugged I saw that clientid and clientsecret were not being submitted as part of the form in the HTTP request. I only see the values listed below. Do I have to do anything extra to transfer clientid and clientsecret?

{grant_type=[password], username=[username], password=[password]}



1 answer


By default, the client uses the basic HTTP authentication scheme, but your server expects a "form authentication scheme".

Your server is not OAuth 2 compliant, see RFC 6749 :

2.3.1. Client password

Clients possessing a client password MAY use HTTP Basic as defined in [RFC2617] to authenticate with an authorization server. The client identifier is encoded using the "application/x-www-form-urlencoded" encoding algorithm in Appendix B, and the encoded value is used as the username; the client password is encoded using the same algorithm and used as the password. The authorization server MUST support HTTP Basic authentication to authenticate clients that were issued a client password.



But you can change your client's authentication scheme to "form", see OAuth 2 Developer's Guide :

clientAuthenticationScheme:

The scheme your client uses to authenticate to the access token endpoint. Suggested values are "http_basic" and "form". Default: "http_basic". See Section 2.1 of the OAuth 2 specification.

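The following is an added example, not code from the question or the answer above, showing how the answer's fix is applied with Spring Security OAuth2's ResourceOwnerPasswordResourceDetails. The token URI, client id, client secret, user credentials and scope are hypothetical placeholders; the class and enum names (OAuth2RestTemplate, AuthenticationScheme.header / AuthenticationScheme.form) are Spring Security OAuth2's own.

```java
import java.util.Collections;

import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.token.grant.password.ResourceOwnerPasswordResourceDetails;
import org.springframework.security.oauth2.common.AuthenticationScheme;
import org.springframework.security.oauth2.common.OAuth2AccessToken;

public class PasswordGrantClient {

    // Hypothetical endpoint and credentials; replace with your authorization server's values.
    private static final String TOKEN_URI = "https://auth.example.com/oauth/token";
    private static final String CLIENT_ID = "my-client";
    private static final String CLIENT_SECRET = "my-client-secret";

    /**
     * Builds the resource details for the password grant.
     *
     * @param serverWantsFormAuth true if the authorization server only reads client_id/client_secret
     *                            from the POST body ("form"), false for RFC 6749 compliant HTTP Basic
     */
    static ResourceOwnerPasswordResourceDetails passwordGrant(boolean serverWantsFormAuth) {
        ResourceOwnerPasswordResourceDetails details = new ResourceOwnerPasswordResourceDetails();
        details.setAccessTokenUri(TOKEN_URI);
        details.setClientId(CLIENT_ID);
        details.setClientSecret(CLIENT_SECRET);
        details.setUsername("username");
        details.setPassword("password");
        details.setScope(Collections.singletonList("read"));

        // Default is AuthenticationScheme.header: client id and secret travel in an
        // "Authorization: Basic base64(id:secret)" header, which is why the form body in the
        // question only shows grant_type, username and password.
        // AuthenticationScheme.form moves them into the body as client_id and client_secret.
        details.setClientAuthenticationScheme(
                serverWantsFormAuth ? AuthenticationScheme.form : AuthenticationScheme.header);
        return details;
    }

    public static void main(String[] args) {
        // The server described in the answer expects form authentication.
        OAuth2RestTemplate template = new OAuth2RestTemplate(passwordGrant(true));

        // Triggers the POST to TOKEN_URI with grant_type=password, username, password,
        // client_id and client_secret in the body.
        OAuth2AccessToken token = template.getAccessToken();
        System.out.println("access_token=" + token.getValue()
                + " expires_in=" + token.getExpiresIn());
    }
}
```

Two practical notes. First, verify which scheme the server really wants before switching: capture one request with a debugging proxy and look for the Authorization header; a 401 can also mean a wrong client secret or a client that is not registered for the password grant. Second, RFC 6749 section 2.3.1 says that sending the client credentials in the request body is NOT RECOMMENDED and should be limited to clients that cannot use HTTP Basic, so "form" is a workaround for a non-compliant server rather than a preferred configuration; whichever scheme is used, the secret is sent in the clear inside the TLS connection, so the token URI must be https.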
