This is my actual OAuth2 architecture:
I used this example to build it.
Let's call the servers:
- RS: Resource Server
- AS: Authorization Server
The resource server has the protected /resource. After manually obtaining a token from the Authorization Server, I can access the protected resource:
$ curl -H "Authorization: Bearer $TOKEN" http://RS/resource
$ Hi from resource server db9096ea-698e-4fc2-a0f9-4af6ab65ca30
So far so good, the data from the protected RS/resource is obtained.
Now, in my Angular/Node app, when I press the login button a http://RS/login request will be fired. This is the flow:
- http://RS/login: HTTP 302, redirection to the AS.
- http://AS/uaa/oauth/authorize?client_id=acme&redirect_uri=http://RS/login&response_type=code&state=nTFE9R: The user logs in and the code is obtained; an HTTP 302 is fired.
- http://RS/login?code=7kQJ2G&state=nTFE9R: HTTP 302, returned to the RS.
- http://RS/: Redirected to the root of the RS, but with an HTTP 401 Unauthorized.
As you can see, I never obtained access to http://RS/resource from the Angular/Node app. In fact my address changed to http://RS/ in my browser.
Do you know how I can obtain access to the protected resource from my Angular/Node app?