在用户身份验证和批准后,我的Oauth2客户端应用程序从OAuth2 AuthServer的令牌 endpoints 请求令牌时,请求帮助Spring Boot OAuth2应用程序的BadCredentialsException .
Spring Boot OAuth2应用程序基于现在着名的Dave Syer Spring Boot / Oauth2 UI Client / Oauth2 AuthServer / JWT示例https://github.com/spring-guides/tut-spring-security-and-angular-js/tree/master/oauth2
这是在客户端应用程序的调试中:
DEBUG org.springframework.web.client.RestTemplate - Created POST request for "authserver/uaa/oauth/token"
DEBUG org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider - Encoding and sending form: {grant_type=[authorization_code], code=[xxxxx], redirect_uri=[oauthclientapp/login]}
DEBUG org.springframework.web.client.RestTemplate - POST request for "authserver/uaa/oauth/token" resulted in 200 (null)
DEBUG org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter - Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Could not obtain access token
这是AuthServer的调试:
DEBUG org.springframework.security.web.FilterChainProxy - /oauth/token at position 9 of 15 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
DEBUG org.springframework.security.web.authentication.www.BasicAuthenticationFilter - Basic Authentication Authorization header found for user 'clientID'
DEBUG org.springframework.security.authentication.ProviderManager - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
DEBUG org.springframework.security.authentication.dao.DaoAuthenticationProvider - User 'clientID' not found
DEBUG org.springframework.security.web.authentication.www.BasicAuthenticationFilter - Authentication request for failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials
Oauth2客户端应用程序就像示例中的那个,在令牌请求过程中没有自定义,只是@ EnableOAuth2Sso为我们提供的任何内容 . AuthServer上的ClientDetails配置也就像下面的示例一样,所以没什么特别的 .
任何建议,以更好地解决这个问题非常感谢 . 谢谢 .
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory()
.withClient("clientID")
.secret("acmesecret")
.authorizedGrantTypes("authorization_code", "refresh_token",
"password").scopes("openid");
}
1 回答
在向/ oauth / token endpoints 发送POST请求时,我的配置出现了同样的错误,如下所示:
我的意图是使用授权代码流,我不想提供导致错误的client_secret参数
如果您的情况相同,您可能希望添加另一个客户端,而不需要授权代码流的秘密: