I have a Spring Boot app that is using Spring Security and OAuth2.
In my OAuth2Config class, which extends AuthorizationServerConfigurerAdapter, I have:

    @Override
    public void configure(final ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
            .withClient("name")
            .secret(passwordEncoder.encode("password"))
            .scopes("read", "write")
            .authorizedGrantTypes("password", "refresh_token", "client_credentials")
            .accessTokenValiditySeconds(20000)
            .refreshTokenValiditySeconds(20000);
    }

And in my SecurityConfig class, which extends WebSecurityConfigurerAdapter, I have:

    @Override
    @Autowired
    protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService)
            .passwordEncoder(encoder());
    }

This means that I need to do Basic Auth with "name" and "password", as well as submit form data with "someUserInUserDatabase" and "someUserInUserDatabasePassword" to the /oauth/token endpoint in order to get a token back.
However, I would like to submit just "someUserInUserDatabase" and "someUserInUserDatabasePassword". I don't see a benefit in submitting "name" and "password" in the login form my app uses: everyone will need to know "name" and "password", which are universal to all users, so they don't provide any benefit.
Is this possible?