javaspring-bootoauth-2.0postmanclientcredential

spring authorization server oauth2 client credentials flow (fail to get token)


Trying to setup a authorization sever with spring authorization server and test with postaman, but keep responding 401, attahced my postaman input in image and console error in image

Mainly reference:

  1. https://www.baeldung.com/spring-security-oauth-jwt
  2. Spring auth server code grant returns 401 unauthorized for endpoint /oauth2/authorize via Postman

Image

postman input console error

2 configuration files

DefaultSecurityConfig.java

@Configuration(proxyBeanMethods = false)
public class DefaultSecurityConfig {

    // @formatter:off
    @Bean
    public   SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
        http.authorizeRequests(authorizeRequests ->
        authorizeRequests.anyRequest().authenticated()
    )
    .formLogin(withDefaults());
        return http.build();
    }
    // @formatter:on

    @Bean
    public UserDetailsService users() {
        UserDetails user = User.withDefaultPasswordEncoder()
                .username("user1")
                .password("password")
                .roles("USER")
                .build();
        return new InMemoryUserDetailsManager(user);
    }
    // @formatter:on

    @Bean
    public SessionRegistry sessionRegistry() {
        return new SessionRegistryImpl();
    }

    @Bean
    public HttpSessionEventPublisher httpSessionEventPublisher() {
        return new HttpSessionEventPublisher();
    }

}

AuthorizationServerConfig.java

@ComponentScan(basePackageClasses = AuthorizationServerConfig.class)

public class AuthorizationServerConfig {


  @Bean
  @Order(Ordered.HIGHEST_PRECEDENCE)
  public SecurityFilterChain authServerSecurityFilterChain(HttpSecurity http) throws Exception {
    OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
    return http.formLogin(Customizer.withDefaults()).build();
  }

  @Bean
  @ConditionalOnMissingBean
  public RegisteredClientRepository registeredClientRepository() {

    RegisteredClient codeClient = RegisteredClient.withId(UUID.randomUUID().toString())
    .clientId("code-auth-client")
    .clientSecret("abcde")
    .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
    .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_POST)
    .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
    .authorizationGrantType(AuthorizationGrantType.JWT_BEARER)
    .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
    .authorizationGrantType(AuthorizationGrantType.PASSWORD)
    .redirectUri("http://127.0.0.1:8080/redirect/")
    .scope("read-access")
    .build();

    return new InMemoryRegisteredClientRepository(codeClient);
  }

}```

Solution

  • This is due to the default DelegatingPasswordEncoder.

    Try to change

    .clientSecret("abcde")
    

    to

    .clientSecret("{noop}abcde")
    

    May need to change the user's password as well.