
I'm trying to get a token using a REST controller and `AuthorizationServerTokenServices`.

I want to send my `OAuth2Authentication` through my body.

This is my request:

    POST /external/oauth/token HTTP/1.1
    Host: localhost:9000
    Authorization: Basic Y2xpZW5012345678901234==
    Content-Type: application/x-www-form-urlencoded
    Cache-Control: no-cache
    Postman-Token: ebec711e-dc8f-4abc-ab54cd-61ec1234567

    username=x&password=x&grant_type=x&scope=read write
  • username=x&password=x&grant_type=x&scope=read write is a raw and Text

And this is the controller:

    @RequestMapping(value = {"/external/oauth/token", "/external/oauth/token"},
            method = RequestMethod.POST,
            consumes = {MediaType.APPLICATION_FORM_URLENCODED_VALUE, MediaType.ALL_VALUE},
            produces = {MediaType.APPLICATION_ATOM_XML_VALUE, MediaType.APPLICATION_JSON_VALUE, MediaType.ALL_VALUE})
    public OAuth2AccessToken getAccessToken(OAuth2Authentication temp) {
        // not important
    }

When I'm trying to run this endpoint, I'm getting null on the passed object (= `temp`).

I'm attaching my http configure:

        @Override
        public void configure(HttpSecurity http) throws Exception {
            http
                    .userDetailsService(userDetailsService)
                    .authorizeRequests()
                    .antMatchers(
                            "/**/users/**"
                            , "/**/groups/**"
                    )
                    .authenticated()
                    .and()
                    .authorizeRequests()
                    .anyRequest().permitAll();
        }

    }
JJ Redikes
  • what do I miss here? – JJ Redikes Jun 11 '19 at 13:15
  • Is your user authenticated? – akuma8 Jun 11 '19 at 13:40
  • @akuma8 what do you mean? if you mean this one: private CustomUserDetailsService userDetailsService; so yes – JJ Redikes Jun 11 '19 at 13:43
  • @akuma8 look what I just added in the bottom of the post – JJ Redikes Jun 11 '19 at 13:47
  • I mean, is your user already authenticated or not? We use `OAuth2Authentication` to extract authenticated user's information, so if your user is not authenticated `OAuth2Authentication` is null. – akuma8 Jun 11 '19 at 13:51
  • @akuma8 how can I authenticate my user before this endpoint is called? – JJ Redikes Jun 11 '19 at 16:33
  • @akuma8 when I'm running the original endpoint for getting a token there is no problem, but when I wrap it with the endpoint above I'm getting null – JJ Redikes Jun 11 '19 at 17:02
  • See my answer. You have to add an `Authorization` header to your endpoint – akuma8 Jun 11 '19 at 17:10
  • If I understand your need, you want 2 ways to generate an access token? Since by default to get an access token you have to send a POST request to `/oauth/token`, why do you need another way to do that since Spring Security does this for you? – akuma8 Jun 11 '19 at 17:21
  • @akuma8 Spring Security does it only in one way, /oauth/token, but I want to get another way to do that, I mean 2 ways, because I'm using 2 versions of the application... is it possible to do that? If yes, how? – JJ Redikes Jun 11 '19 at 17:27

0 Answers