Spring Oauth2 Authorization Server
10,505
To use password grant you need to provide an authentication manager to the authorization server (in the empty method with the TODO in your example), so it can authenticate users. If it's a Spring Boot application there is always an AuthenticationManager
available to be @Autowired
.
Related videos on Youtube
Author by
JSH
Updated on June 04, 2022Comments
-
JSH almost 2 years
I setting the Spring Configuration Below:
@EnableAuthorizationServer @EnableWebSecurity @Configuration public class Oauth2Provider extends WebSecurityConfigurerAdapter implements AuthorizationServerConfigurer { /* * @Autowired private TokenStore tokenStore; */ @Configuration protected static class AuthenticationConfiguration extends GlobalAuthenticationConfigurerAdapter { @Override public void init(AuthenticationManagerBuilder auth) throws Exception { auth.inMemoryAuthentication().withUser("user").password("password") .roles("USER").and().withUser("admin").password("password") .roles("USER", "ADMIN"); } } @Override public void configure(AuthorizationServerSecurityConfigurer security) throws Exception { // TODO Auto-generated method stub security.allowFormAuthenticationForClients(); } @Override public void configure(ClientDetailsServiceConfigurer clients) throws Exception { // TODO Auto-generated method stub clients.inMemory() .withClient("my-trusted-client") .authorizedGrantTypes("password", "authorization_code", "refresh_token", "implicit") .authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT", "ROLE_ANONYMOUS") .scopes("read", "write", "trust") .secret("secret") .accessTokenValiditySeconds(60); } @Override public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception { // TODO Auto-generated method stub } }
And Maven Setting is Below:
<dependency> <groupId>org.springframework.security.oauth</groupId> <artifactId>spring-security-oauth2</artifactId> <version>2.0.5.RELEASE</version> </dependency>
I Access : http://localhost:8080/oauth/token Payload grant_type=password&password=password&username=user&scope=read&client_id=my-trusted-client&client_secret=secret
But I receive error below:
{ error: "unsupported_grant_type" error_description: "Unsupported grant type: password" }
-
lilalinux about 6 yearsAnd make sure to allow "password" in the client's authorizedGrantTypes
-
Igor Donin almost 6 years"If it's a Spring Boot application there is always an AuthenticationManager available to be @Autowired", not anymore, if you do declare a UserDetailsService, right?
-
The_Cute_Hedgehog almost 5 years
AuthenticationConfiguration
object is injected andAuthenticationManager
object is provided with#getAuthenticationManager
method.