-1

I see that Spring Security Oauth2 has different grant types:

https://projects.spring.io/spring-security-oauth/docs/oauth2.html#grant-types

How do you use a grant type that is not password?

I currently have password based authentication working.

$ curl -u client:123456 http://localhost:8080/oauth/token -d grant_type=password -d username=admin -d password=admin -d client_id=client -d client_secret=123456 -d scope=write
{"access_token":"40add879-3be3-4d94-b969-4dc17975c659","token_type":"bearer","refresh_token":"583eb284-3318-432b-a8a3-b3eee744c9b7","expires_in":40688,"scope":"write"}

I commented out 

@EnableAuthorizationServer
public class OAuth2Configuration extends AuthorizationServerConfigurerAdapter {
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints
            .tokenStore(this.tokenStore).userDetailsService(userDetailsService);
//          .authenticationManager(new AuthenticationManager() {
//          @Override
//          public Authentication authenticate(Authentication authentication)
//                  throws AuthenticationException {
//              return authenticationManagerBuilder.getOrBuild().authenticate(authentication);
//          }
//      });

So it would no longer use password grant types. ("password grants are switched on by injecting an AuthenticationManager").

I then searched the API for 'grant'

https://docs.spring.io/spring-security/oauth/apidocs/index.html

I then tried 

$ curl -u client:123456 http://localhost:8080/oauth/token -d grant_type=token -d client_id=client -d client_secret=123456 -d scope=write
{"error":"unsupported_grant_type","error_description":"Unsupported grant type: token"}
$ curl -u client:123456 http://localhost:8080/oauth/token -d grant_type=client -d client_id=client -d client_secret=123456 -d scope=write
{"error":"unsupported_grant_type","error_description":"Unsupported grant type: client"}
$ curl -u client:123456 http://localhost:8080/oauth/token -d grant_type=code -d client_id=client -d client_secret=123456 -d scope=write
{"error":"unsupported_grant_type","error_description":"Unsupported grant type: code"}

So how do you create a client/secret only grant type to get an access token, without using an username and password in the database? Nowhere can I find a list of valid grant_types!

This seems to be the method to define the allowed grant types, but it doesn't specify the valid values.

https://docs.spring.io/spring-security/oauth/apidocs/org/springframework/security/oauth2/config/annotation/builders/ClientDetailsServiceBuilder.ClientBuilder.html#authorizedGrantTypes(java.lang.String...)

Chloe
  • 25,162
  • 40
  • 190
  • 357

1 Answers1

1

For Client Credentials based token use client_crendentials as grant_type.

$ curl -u client:123456 http://localhost:8080/oauth/token -d grant_type=client_crendentials -d client_id=client -d client_secret=123456 -d scope=write

There is no list of grant_types as such because grant types are defined using TokenGranter interface which can be implemented by anyone. However at the moment there are four main grant_type implemented out of the box in Spring Security OAuth2 framework which are following:

  1. implicit
  2. client_credentials
  3. password
  4. refresh_token

You can use any of the above as grant_type

shazin
  • 21,379
  • 3
  • 54
  • 71
  • I'm getting the error `{"error":"invalid_client","error_description":"Unauthorized grant type: client_credentials"}`. Even though I added `.authorizedGrantTypes("client_crendentials", ...`. By the way, I'm using Spring Security Oauth2 version 2.0.15. – Chloe Jul 30 '18 at 21:05
  • I don't know why, but after I cleaned the project and rebuilt, it is working now. – Chloe Jul 30 '18 at 22:50
  • `client_credentials` not `client_crendentials` sorry for least 6 characters edit. – Se ven Apr 21 '19 at 15:35