How authorize in Spring OAuth2 by client_id and secret only?

Question

Now I am using the next configuration:

@Configuration
@EnableAuthorizationServer
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class OAuth2Config extends AuthorizationServerConfigurerAdapter {

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.jdbc(mAppConfig.dataSource())
                .withClient("virto")
                .secret("secret")
                .authorizedGrantTypes("password", "authorization_code", "refresh_token");
    }
}

It requires to send client_id, client_secret, username, password... But I need to provide access_token for my trusted servers that has client_id and client_secret only... How can I make it? Is it possible?

Jun Huh · Accepted Answer

What you need is to configure a client with client_credentials grant

@Configuration
@EnableAuthorizationServer
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class OAuth2Config extends AuthorizationServerConfigurerAdapter {

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.jdbc(mAppConfig.dataSource())
                .withClient("virto")
                .secret("secret")
                .authorizedGrantTypes("client_credentials");
    }
}

To get a token you send a post request, with credentials as base 64 encoded.

POST http://localhost:8080/paymentiq/oauth/token?grant_type=client_credentials -h 'Authorization: [clientId:secret]'

How authorize in Spring OAuth2 by client_id and secret only?

Answers (1)

Related Questions