春季安全性Oauth2令牌错误:“缺少授权类型”
[英]Spring security Oauth2 token error: “Missing grant type”
问题描述
I've secured an endpoint with OAuth2 and JWT but when attempting to authenticate, I'm keep getting the error: "Missing grant type". 
我已经使用OAuth2和JWT保护了端点,但是在尝试进行身份验证时,总是收到错误消息:“缺少授权类型”。 I've tryed to add the Content-Type header as suggested in other topics but it was useless. 我尝试按照其他主题中的建议添加Content-Type标头,但它没有用。 Here is my curl command: 这是我的curl命令:
curl -vu aClient:aSecret -X POST --header "Content-Type:application/x-www-form-urlencoded" 'http://localhost:9000/oauth/token?username=mauricio.coder&password=123&grant_type=password'
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 9000 (#0)
* Server auth using Basic with user 'aClient'
> POST /oauth/token?username=mauricio.coder&password=123&grant_type=password HTTP/1.1
> Host: localhost:9000
> Authorization: Basic YUNsaWVudDphU2VjcmV0
> User-Agent: curl/7.52.1
> Accept: */*
> Content-Type:application/x-www-form-urlencoded
>
< HTTP/1.1 400
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: 0
< X-Frame-Options: DENY
< X-Application-Context: application:9000
< Cache-Control: no-store
< Pragma: no-cache
< Content-Type: application/json;charset=UTF-8
< Transfer-Encoding: chunked
< Date: Mon, 20 Nov 2017 12:34:10 GMT
< Connection: close
<
* Curl_http_done: called premature == 0
* Closing connection 0
{"error":"invalid_request","error_description":"Missing grant type"}
Is there anything wrong? 有什么问题吗?
1 个解决方案
解决方案1
2 已采纳 2017-11-20 15:56:23
You need to pass data as form data instead of url parameters. 您需要将数据作为表单数据而不是url参数传递。 Your command should be .. 您的命令应该是..
curl -u aClient:aSecret --data "grant_type=password&username=mauricio.coder&password=123" -X POST -H "Content-Type:application/x-www-form-urlencoded" http://localhost:9000/oauth/token
UPDATE FOR ADDITIONAL QUESTIONS IN COMMENTS BELOW: 以下注释中的其他问题的更新:
As per spring oauth2 documentation 根据Spring OAuth2文档
password grants are switched on by injecting an AuthenticationManager.
Ref - http://projects.spring.io/spring-security-oauth/docs/oauth2.html for more details. 参考-http: //projects.spring.io/spring-security-oauth/docs/oauth2.html了解更多详细信息。
So, if your configuration is like below it should work fine for password grant flow. 因此,如果您的配置如下所示,则可以很好地用于密码授予流程。
@Configuration
@EnableAuthorizationServer
protected static class OAuth2AuthorizationConfig extends
AuthorizationServerConfigurerAdapter {
@Autowired
@Qualifier("authenticationManagerBean")
private AuthenticationManager authenticationManager;
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory()
.withClient("myclient")
.secret("myclientsecret")
.authorizedGrantTypes("authorization_code", "refresh_token", "password")
...
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.