Spring Boot Oauth2令牌请求 - 来自BasicAuthenticationFilter的错误客户端凭据

时间:2017-03-29 00:27:47

标签: spring-boot oauth-2.0 token credentials

在用户身份验证和批准后,我的Oauth2客户端应用程序从OAuth2 AuthServer的令牌端点请求令牌时,请求帮助Spring Boot OAuth2应用程序的BadCredentialsException。

Spring Boot OAuth2应用程序基于现在着名的Dave Syer Spring Boot / Oauth2 UI Client / Oauth2 AuthServer / JWT示例https://github.com/spring-guides/tut-spring-security-and-angular-js/tree/master/oauth2

这是在客户端应用程序的调试中:

DEBUG org.springframework.web.client.RestTemplate - Created POST request for "authserver/uaa/oauth/token"
DEBUG org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider - Encoding and sending form: {grant_type=[authorization_code], code=[xxxxx], redirect_uri=[oauthclientapp/login]}
DEBUG org.springframework.web.client.RestTemplate - POST request for "authserver/uaa/oauth/token" resulted in 200 (null)
DEBUG org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter - Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Could not obtain access token

这是AuthServer的调试:

DEBUG org.springframework.security.web.FilterChainProxy - /oauth/token at position 9 of 15 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
DEBUG org.springframework.security.web.authentication.www.BasicAuthenticationFilter - Basic Authentication Authorization header found for user 'clientID'
DEBUG org.springframework.security.authentication.ProviderManager - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
DEBUG org.springframework.security.authentication.dao.DaoAuthenticationProvider - User 'clientID' not found
DEBUG org.springframework.security.web.authentication.www.BasicAuthenticationFilter - Authentication request for failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials

Oauth2客户端应用程序就像示例中的那个,在令牌请求过程中没有自定义,只是@ EnableOAuth2Sso为我们提供的任何内容。 AuthServer上的ClientDetails配置也就像下面的示例一样,所以没什么特别的。

非常感谢任何有关更好地解决此问题的建议。感谢。

@Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            clients.inMemory()
                    .withClient("clientID")
                    .secret("acmesecret")
                    .authorizedGrantTypes("authorization_code", "refresh_token",
                            "password").scopes("openid");
        }

1 个答案:

答案 0 :(得分:0)

在向/ oauth / token端点发送POST请求时,我的配置出现了同样的错误,如下所示:

curl localhost:8080/oauth/token -d grant_type=authorization_code -d client_id=acme -d redirect_uri=http://localhost:4200/redirectUrl -d code=5chf5f

我的意图是使用授权代码流,我不想提供导致错误的client_secret参数

-d client_sercret=acmesecret

如果您的情况相同,您可能希望添加另一个没有秘密授权代码流的客户端:

@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                .withClient("clientWithSecret")
                .secret("acmesecret")
                .authorizedGrantTypes("password")
                .scopes("openid")
                .and()
                .withClient("clientNoSecret")
                .authorizedGrantTypes("authorization_code", "refresh_token")
                .scopes("openid");
    }
相关问题
最新问题