Reputation: 6611
Oauth2 and Spring-Security: Fail on authentication using Oauth2 and spring-security
I want to use Oauth2 and Spring-security with rest web service. I am new for this, i am trying to create configuration with the help of some websites. Still, i clearly not understand how and what is the flow for oauth authenticate for rest service. i am using latest dependencies Click on the link for see my configurations. I am using database for store clients information and tokens. when i trying to access the token, using follwoing url with post request and post body:
http://localhost:8080/empirecl-api/oauth/token
grant_type=password&[email protected]&password=password&client_id=my-client-with-secret&client_secret=ak_secret
The basic authentication pop-up box will appear. I am using chrome rest postman client. I have user table in my database where i store, username and password, when i enter those username and password, the authentication fail, If i use i my client_id and client_secret as a username and password, the authentication is fail. When i cancel the pop of basic authentication following json is return:
{
"error": "unauthorized",
"error_description": "No client with requested id: [email protected]"
}
I am unable to figure out what will happen.
When i trying to access following url with get reqquest:
http://localhost:8080/empirecl-api/oauth/authorize?grant_type=password&[email protected]&password=password
The following error will return:
{
"error": {
"error": "invalid_client",
"error_description": "Bad client credentials"
}
}
When i check the error in console, of eclipse, the follwoing error is display:
AuthorizationEndpoint:436 - Handling ClientRegistrationException error: No client with requested id: null
How i resolve this problem and how to use Oauth with my rest api. I also want to secure my all rest url with Oauth.
Upvotes: 1
Views: 23743
Answers (2)
Reputation: 101
You need to pass your client username and password as a Base64 encoded Authorization header.
Try using curl. Here is an example:
curl -v -X POST \
-H "Content-Type: application/json" \
-H "Authorization: Basic MzUzYjMwMmM0NDU3NGY1NjUwNDU2ODdlNTM0ZTdkNmE6Mjg2OTI0Njk3ZTYxNWE2NzJhNjQ2YTQ5MzU0NTY0NmM=" \
'http://localhost:8080/empirecl-api/oauth/token?grant_type=password&[email protected]&password=password'
I have a working example described here
Upvotes: 1
Reputation: 22762
There are a couple of things wrong here.
- You are using the wrong endpoint - the request should be to the token endpoint, not the authorization endpoint.
- It should be a POST request - you shouldn't be passing the parameters in the URL
- You are confusing when the user has to authenticate and when the client does - the server was looking for Basic credentials from the client but you were entering the username.
See the oauth2 spec section on using the resource owner password grant.
The client needs to authenticate and, as porterhead points out, you can do this using Basic authentication. The spec does also allow passing of the client id and secret as post parameters, but prefers Basic authentication.
You should probably make sure you understand a bit more about how OAuth2 works, and perhaps expand your question to explain why you want to use it and why you've chosen this particular grant type.
Upvotes: 3
Related Questions
- Authorization failing using Spring Boot and Spring Security
- OAuth2 With Spring Boot Unauthorized (401) Response
- OpenID (OAuth2) Authorization failing using Spring Boot and Spring Security
- Configure security in Spring OAuth2: Access is denied for authentication request
- Spring Security OAuth2: InsufficientAuthenticationException
- Oauth2 doesn't work in Spring Boot
- Spring Security OAuth2 | InsufficientAuthenticationException
- Oauth2 authentication failed
- Unable to authenticate to an oauth2 server with spring oauth
- Spring OAuth2 issues