sva605
Reputation: 1691
Invalid token does not contain resource id (oauth2-resource)
I'm learning OAuth2 and I have problems with client_credentials grant configuration. Here is some client-server example.
Client side (8080):
@SpringBootApplication
@EnableOAuth2Client
public class ClientApplication {
public static void main(String[] args) {
SpringApplication.run(ClientApplication.class, args);
}
@Bean
@ConfigurationProperties("security.oauth2.client")
public ClientCredentialsResourceDetails oAuthDetails() {
return new ClientCredentialsResourceDetails();
}
@Bean
public OAuth2RestTemplate restTemplate() {
return new OAuth2RestTemplate(oAuthDetails());
}
}
@Configuration
public class ClientSecurity extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest().permitAll();
}
}
@Controller
public class ClientController {
@Autowired
private OAuth2RestTemplate template;
@GetMapping("/getServer")
public String get() {
template.getForEntity("http://localhost:8081/endpoint", String.class);
return "index.html";
}
}
Resource server side (8081):
@SpringBootApplication
@EnableResourceServer
public class ServerApplication {
public static void main(String[] args) {
SpringApplication.run(ServerApplication.class, args);
}
}
@Configuration
public class ServerSecurity extends ResourceServerConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/actuator/**").permitAll();
}
}
@RestController
public class ServerController {
@GetMapping("/endpoint")
public ResponseEntity<String> respond() {
return new ResponseEntity<>("", HttpStatus.OK);
}
}
When I hit client's /getServer, I get this exception:
org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException: Invalid token does not contain resource id (oauth2-resource)
If I remove ServerSecurity, ClientController works without throwing an exception, but server's actuator/health fails with 401.
What may be wrong?
ADDITIONAL INFO:
client's yml:
server:
port: 8080
security:
oauth2:
client:
grant-type: client_credentials
clientId: __data__
clientSecret: __data__
accessTokenUri: https://dev-410899.oktapreview.com/oauth2/default/v1/token
scope: web_app
resource:
id: oauth2-resource
server's yml:
server:
port: 8081
security:
oauth2:
client:
clientId: __data__
clientSecret: __data__
resource:
tokenInfoUri: https://dev-410899.oktapreview.com/oauth2/default/v1/introspect
Upvotes: 0
Views: 4360
Answers (1)
JohanB
Reputation: 2148
The default OAuth2 resource server id is oauth2-resource. (check ResourceServerSecurityConfigurer).
You can set a custom resource server id:
@Override
public void configure(ResourceServerSecurityConfigurer oauthServer) {
oauthServer
.resourceId("your resource id");
}
You must make sure to give your client_credentials user access to the correct resource server id when issuing a token.
Upvotes: 1
Related Questions
- Invalid token in spring boot resource server
- Spring Boot Resource Server Invalid Token
- Why is my token being rejected? What is a resource ID? "Invalid token does not contain resource id (oauth2-resource)"
- Spring security oAuth 2.0 (Invalid token does not contain resource id (oauth2-resource))
- Unable to access resources with access_token : spring boot Oauth2
- Spring Boot OAuth2 Resource Server - Error by calling user-info-uri or token-info-uri
- Java spring OAuth2 client (resource server) always returns 'invalid token' error
- Spring Security OAuth2 Resource Server Always Returning Invalid Token
- How do you set a resource ID for a token?
- Spring-OAUTH2.0: No resource available error on calling /oauth/token