stackoom
  简体   繁体   中英

Spring Authorization Server 1.0.0: invalid_client error while requesting /oauth2/token

 原文  2023-01-03 06:57:11       java/ spring-boot/ oauth-2.0/ spring-authorization-server

Question

I have setup a simple Spring Authorization Server using the example provided in the Spring Authorization Server repo.

I am using OIDC Debugger to test it out. I am able to get the form login page. I enter my user ID and password, and I'm successfully able to get the Authorization code. The next step is to exchange this code to get the access token (from the /oauth2/token endpoint). Here is where I get an error.

This is my request to /oauth2/token

curl --location --request POST 'http://localhost:8080/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=authorization_code' \
--data-urlencode 'client_id=messaging-client' \
--data-urlencode 'client_secret=secret' \
--data-urlencode 'code=ARfoO0m_srZSzi0RJgryvAyxOEmcoOHAZbFVYJlmng71x1CTv7qdCGD3I-DwG8EuBYBdyUGhmZwo5LBmoXyoxxuEuSZwJ7tPjYvQED7OBriRc4uFky5NbtNKuctz1PGt' \
--data-urlencode 'redirct_uri=https%3A%2F%2Foidcdebugger.com%2Fdebug'

When I send this request, I get a 401 Unauthorized error with the body as follows:

{
    "error": "invalid_client"
}

My Security Configuration (just showing the client setup for brevity)

@Bean
    public RegisteredClientRepository registeredClientRepository(JdbcTemplate jdbcTemplate) {
        RegisteredClient registeredClient = RegisteredClient.withId(UUID.randomUUID().toString())
                .clientId("messaging-client")
                .clientSecret("{noop}secret")
                .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
                .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
                .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
                .redirectUri("http://127.0.0.1:8080/login/oauth2/code/messaging-client-oidc")
                .redirectUri("http://127.0.0.1:8080/authorized")
                .redirectUri("https://oidcdebugger.com/debug")
                .scope(OidcScopes.OPENID)
                .scope(OidcScopes.PROFILE)
                .scope("message.read")
                .scope("message.write")
                .clientSettings(ClientSettings.builder().requireAuthorizationConsent(true).build())
                .build();

        // Save registered client in db as if in-memory
        JdbcRegisteredClientRepository registeredClientRepository = new JdbcRegisteredClientRepository(jdbcTemplate);
        registeredClientRepository.save(registeredClient);

        return registeredClientRepository;
    }

And, I am also using 1.0.0 version of the Spring Authorization Server dependency.

<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-oauth2-authorization-server</artifactId>
    <version>1.0.0</version>
</dependency>

What am I missing?

**Edit: ** I also tried to pass the client ID and secret as a Basic Auth Header (Base64 encoded), as follows: 

  curl --location --request POST 'http://localhost:8080/oauth2/token' \
    --header 'Authorization: Basic bWVzc2FnaW5nLWNsaWVudDpzZWNyZXQ=' \
    --header 'Content-Type: application/x-www-form-urlencoded' \
    --data-urlencode 'grant_type=authorization_code' \
    --data-urlencode 'code=ARfoO0m_srZSzi0RJgryvAyxOEmcoOHAZbFVYJlmng71x1CTv7qdCGD3I-DwG8EuBYBdyUGhmZwo5LBmoXyoxxuEuSZwJ7tPjYvQED7OBriRc4uFky5NbtNKuctz1PGt' \
--data-urlencode 'redirct_uri=https%3A%2F%2Foidcdebugger.com%2Fdebug'

But this time, I get a 400 Bad Request error with the following payload

{
    "error": "invalid_grant"
}

2 answers

solution1
 0  2023-01-03 07:16:18

I am using OIDC Debugger to test it out.

What is the Authorize URI that you give the debugger? You cannot use localhost there as it needs to be accessible to the debugger.

I suggest either setup port forwarding to the 8080 port or use tunneling/reverse proxy like ngrok to temporarily expose your authorization server. Make sure to use the custom forwarding url instead of localhost .

solution2
 0  2023-01-03 08:35:54

I found the problem. In the request to /oauth/token, I had made a typo in the redirect_uri parameter. I fixed that, and it worked.

It was a silly mistake from my side!

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question spring-security-oauth2-authorization-server:0.1.1 get token error invalid_client Getting invalid_client error when trying to revoke an access token in Spring Authorization Server invalid_client in jsonresponse in oauth2 android invalid_client when requesting Amazon Cognito token with code from java spring back end I was trying to update new spring security oauth2 authorization server from 0.3.1 to 1.0.0 and got an invalide scope error.How to fix it Redirecting user to oauth2 authorization server to get token Spring Boot Spring oauth2 /oauth/token invalid credentials Spring boot OAuth2 - OAuth Token does not return authorization token Spring OAuth2 explain Authorization server configuration How to configure a Oauth2 authorization server with Spring?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM