0

I'm trying to set up an OAuth2 Authorization Server using Spring Boot and Spring Security's OAuth2 Integration.

When I try to authenticate I get an HTTP status code 400 response saying: "Bad Credentials".

Here you can find my Authorization Server and Web Security Configuration: https://gist.github.com/codecitizen/8d130469d83439f5fca86b1a84733aab

I have a custom implementation for UserDetailsService and ClientDetailsService. But they seem to be properly configured. When I run the following test case:

            given().
                    formParam("grant_type", "password").
                    formParam("username", user.getUsername()).
                    formParam("password", password).
                    auth().basic(client.getClientId(), client.getClientSecret()).
            when().
                    post("/oauth/token").
            then().extract().asString();

using RestAssured, both services are called.

Even stranger: When I set a breakpoint in IntelliJ on this expression and evaluate it, it returns a proper JWT token and authentication seemed to have worked. When I execute the test method again and do the exact same thing, I get this response: {"error":"invalid_grant","error_description":"Bad credentials"}! Without changing anything in the code!

I really cannot figure out what the problem is. Anyone experienced with Spring Security + OAuth2 who can help?

SakeSushiBig

1 Answer

0

Are you sure your custom ClientDetails is set up with the correct OAuth2 grant types?

If you have a hand-crafted UserDetailsService, possibly it will be configured with the default grant types (and not your required password grant type):

  • authorization_code
  • refresh_token

To add the password grant type you need to do something like this:

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // Register an in-memory client that is allowed to use the password grant
        clients
            .inMemory()
            .withClient("clientid")
            .scopes("openid", "read", "write")
            .authorizedGrantTypes("password", "refresh_token", "authorization_code")
            .secret("clientSecret");
    }

ddewaele
  • Hey, grant types are correct. I checked. I redid all the configuration using http://stytex.de/blog/2016/02/01/spring-cloud-security-with-oauth2/ and then applied my ClientDetailsService and UserDetailsService. The problem was somehow related to the DefaultTokenServices and JwtTokenStore bean. I will look into what the exact reason was tomorrow. – SakeSushiBig Jan 10 '17 at 22:13
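
For a hand-written ClientDetailsService like the one the question describes, the grant-type point from the answer above can be made explicit as follows. This is an added example, not code from the question, the answer or the linked gist; the class name, the backing map, the `register` helper and the scope values are assumptions.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.ClientRegistrationException;
import org.springframework.security.oauth2.provider.NoSuchClientException;
import org.springframework.security.oauth2.provider.client.BaseClientDetails;

// Hypothetical custom ClientDetailsService (name and storage are assumptions).
public class MapBackedClientDetailsService implements ClientDetailsService {

    // Grant types are spelled out on purpose: when this argument is empty,
    // BaseClientDetails falls back to "authorization_code" and "refresh_token",
    // and a grant_type=password request from that client is rejected.
    private static final String GRANT_TYPES = "password,refresh_token";

    // Scopes copied from the answer's in-memory configuration.
    private static final String SCOPES = "openid,read,write";

    // client id -> secret, stored in the form the configured encoder expects.
    private final Map<String, String> secretsByClientId = new ConcurrentHashMap<>();

    public void register(String clientId, String secret) {
        secretsByClientId.put(clientId, secret);
    }

    @Override
    public ClientDetails loadClientByClientId(String clientId)
            throws ClientRegistrationException {
        String secret = secretsByClientId.get(clientId);
        if (secret == null) {
            // Unknown clients must fail here, not return a half-filled object.
            throw new NoSuchClientException("No client with requested id: " + clientId);
        }
        BaseClientDetails details = new BaseClientDetails(
                clientId,
                null,          // resource ids: none
                SCOPES,
                GRANT_TYPES,
                null);         // authorities: none
        details.setClientSecret(secret);
        return details;
    }
}
```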