CODEWITHSUNDEEP
javaspring-security-oauth2oauth2client
Robin Hermans
Robin Hermans

Reputation: 1599

How do I implement the client_credentials grant for my OAuth2 Client

I recently implemented the client_credentials grant for my OAuth2 provider, which is based on Spring security OAuth2. Than I moved to the client to implement the mechanism there. I added the @EnableOAuth2Client annotation and set the following configuration:

spring:
  oauth2:
    client:
      id: myResource
      clientId: myClientId
      clientSecret: myClientSecret
      accessTokenUri: http://localhost:8080/oauth/token
      grantType: client_credentials

I'm not really clear on why I need to add the id setting. According to the error message the provider manager needs to support it. This is the error I'm getting:

Unable to obtain a new access token for resource 'myResource'. The provider manager is not configured to support it.

After searching the internet for a while I found that I need to add a global servlet of the DelegatingFilterProxy that delegates to a bean named "oauth2ClientContextFilter"

https://github.com/spring-projects/spring-security-oauth/blob/master/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/EnableOAuth2Client.java

I found some implementations on how to do that but they all use XML instead of annotation to set their configuration.

<filter>
  <filter-name>myFilter</filter-name>
  <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
  <filter-name>myFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#delegating-filter-proxy

So in conclusion:

  1. Is this the right approach to setting up the client_credentials grant for my OAuth2 Client?
  2. How can I set the DelegatingFilterProxy using annotation as stated in the @EnableOAuth2Client class?
  3. Why does it need to delegate to a bean named 'oauth2ClientContextFilter'?

Thanks in advance

Upvotes: 0

Views: 1189

Answers (1)

Robin Hermans
Robin Hermans

Reputation: 1599

So I managed to fix my problem.
After putting this on hold for a while I gave it another try.
It seems that I'm using the wrong ResourceDetails class for my OAuth2RestTemplate.
So replacing

AuthorizationCodeResourceDetails resource = new AuthorizationCodeResourceDetails();

with 

ClientCredentialsResourceDetails resource = new ClientCredentialsResourceDetails();

fixed the problem.

Upvotes: 2

Related Questions