Open jrhenderson1988 opened 5 years ago
@jrhenderson1988 Please change in your ClientDetailsServiceConfigurer configuration .secret("secret") to .secret(passwordEncoder().encode("secret")). And you have to use in your post request client_secret parameter instead of secret.
I am trying to allow OAuth2 authentication by passing the client credentials in the body of a POST request, by using allowFormAuthenticationForClients. I have the following Authorization Server config setup in my project:

I am trying to hit the /oauth/token end point with a POST request (without the Authorization header), with the x-www-form-urlencoded body as

but I am getting back a 401 Unauthorized response with the following body:

Even if I add the correct Authorization header I still get the same result.

Omitting the client_id parameter seems to allow the process to revert to the default of accepting client credentials from the request's Authorization header which is successful with a 200 Ok and typical access token/refresh token response.

I feel that this could be a bug, but I'm unsure as I am relatively new to Spring and it's quite possible that I'm doing something wrong. Any feedback will be appreciated.
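The change suggested in the reply, as an added example that is not code from the issue or from the Spring project. It assumes the legacy spring-security-oauth2 module on Spring Security 5; the class name, client id, grant type, scope and the choice of BCrypt are illustrative assumptions.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;

// Hypothetical class name; "client", "read" and client_credentials are sample values.
@Configuration
@EnableAuthorizationServer
public class AuthServerConfig extends AuthorizationServerConfigurerAdapter {

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) {
        security
            // Use the same encoder to verify the secret that was used to store it.
            .passwordEncoder(passwordEncoder())
            // Accept client_id / client_secret from the form body of POST /oauth/token.
            .allowFormAuthenticationForClients();
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
            .withClient("client")
            // Before: .secret("secret") stored the plain-text value, which the
            // encoder cannot match against the submitted secret.
            .secret(passwordEncoder().encode("secret"))
            .authorizedGrantTypes("client_credentials")
            .scopes("read");
    }
}

// Matching x-www-form-urlencoded body (sample values):
//   grant_type=client_credentials&client_id=client&client_secret=secret
```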