GET /oauth/token with grant_type=authorization_code 返回未授权

Question

I am using spring boot oauth2 trying to set up an authorization code grant flow. The authorize endpoint works, generates a code and stores it in our postgres store. However the second step to get a token from using the code does not work.

I've not modified anything with grant_types (like with TokenGranter ) that's still all as default in spring.

I am not sending over a principle.. I believe the authorization_code takes over that?

I call something like:

GET http://localhost:8088/<my_spring_app>/oauth/token?
grant_type=authorization_code&client_secret=<client_secret>
&redirect_uri=<redirect_to_flask_app>&code=Q6PNye
&scope=<three>+<scope>+<types>&client_id=<my_id>

I receive:

{
    "timestamp": 1520635615344,
    "status": 401,
    "error": "Unauthorized",
    "message": "Full authentication is required to access this resource",
    "path": "/<my_spring_app>/oauth/token"
}

I'm still new to spring so I don't know where to start looking into the Spring code to find why it doesn't believe I'm authenticated.

Does anyone know where to even start looking? Thanks!!

Answer 1

You are not implementing OAuth2,
I can see in the response Location is again /<my_spring_app>/oauth/token same server calling same server, its not OAuth2,
your server should have called another server OAuth2 implemented to authenticate your service,
so in response you must have received another service url to hit like example google.com/oauth2/authorize/code=something...