[英]unable to get Oauth2 token from auth server
I have an auth-server configured in spring with 我在春季配置了一个身份验证服务器
clients
.inMemory()
.withClient("my-web-app")
.secret("my-web-app-secret")
.authorizedGrantTypes(//
"authorization_code",//
"refresh_token",//
"password"//
).scopes("openid")
Now I want to develop a command line application for the webapp. 现在,我想为webapp开发一个命令行应用程序。 Hence I need to register one more client with a seperate client id and secret.
因此,我需要使用单独的客户端ID和密码注册另一个客户端。 I have done something like this
我做了这样的事情
.and()
.inMemory()
.withClient("my-cli")
.secret("my-cli-secret")
.authorizedGrantTypes("authorization_code","client_credentials")
.scopes("read","write","trust").authorities("ROLE_USER");
What I want to achieve is use simply provide the username/password and the client app should be able to get the auth token from the auth server. 我要实现的是使用用户名/密码,客户端应用程序应该能够从身份验证服务器获取身份验证令牌。
What I have tried and understood is I should be using Resource Owner password Grant. 我尝试并了解的是,我应该使用“资源所有者”密码授予。 I have to use the spring Oauth2restTemplate after this.
在此之后,我必须使用spring Oauth2restTemplate。 The problem in this configuration is when I m hitting the tokenuri im getting
此配置中的问题是当我击中tokenuri时
{
error: "unauthorized"
error_description: "Full authentication is required to access this resource"
}
and everytime it is hitting with the anonymous user. 并且每次都遭到匿名用户的攻击。
If you want to user username/password for obtaining the access token you definitely need to use grant_type=password
. 如果要使用用户名/密码获取访问令牌,则绝对需要使用
grant_type=password
。
You also don't need to specify .inMemory()
twice - just two clients with .and()
between them. 您还不需要指定
.inMemory()
两次-只需两个客户端之间使用.and()
。
So the configuration then have to be something like 因此,配置必须类似于
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients
.inMemory()
// First client
.withClient("my-web-app")
.secret("my-web-app-secret")
.authorizedGrantTypes(//
"authorization_code",//
"refresh_token",//
"password"//
).scopes("openid")
// Second Client(CLI)
.and()
.withClient("my-cli")
.secret("my-cli-secret")
.authorizedGrantTypes("password")
.scopes("read", "write", "trust")
.authorities("ROLE_USER");
}
And other very important thing - you need to set the Authorization:
header in the http request for the token. 还有其他非常重要的事情 -您需要在http请求的令牌中设置
Authorization:
标头。 So the header should be 所以标题应该是
"Authorization: Basic " + Base64.encodeBase64String((clientId + ":" + clientSecret).getBytes())
This header is checked before the username\\password and defines that the client(CLI in your case) is an authorized client (this can cause the error from your question). 将在用户名\\密码之前检查此标头,并定义客户端(在您的情况下为CLI)是授权的客户端(这可能导致您的问题引起错误)。
That would be really good if you can add the code how exactly you use Oauth2RestTemplate
如果您可以添加代码来精确地使用
Oauth2RestTemplate
那将非常好
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.