I have set up OAuth2 with Spring Security for my localhost test application with

  • Azure
  • Facebook
  • GitHub
  • Google

Now I tried to do the same with Xing https://dev.xing.com/docs/authentication (OAuth2).

spring:
  security:
    oauth2:
      client:
        provider:
          xing:
            authorization-uri: https://api.xing.com/auth/oauth2/authorize
            token-uri: https://api.xing.com/auth/oauth2/token
        registration:
          xing:
            client-id: ${XING_CLIENT_ID}
            client-secret: ${XING_CLIENT_SECRET}
            client-name: Xing
            redirect-uri: '{baseUrl}/login/oauth2/code/{registrationId}'
            authorization-grant-type: authorization_code

Looks similar to the Facebook configuration.

After the login, in step 4 of the XING documentation, an error is thrown: [invalid_client] Invalid client id and/or client secret.

Using the debugger, I found out that the client id and secret are not added to that Authorization Request, not even when requesting GitHub. Now I wonder, because I thought this is essential in this step.

DefaultAuthorizationCodeTokenResponseClient.java Line 75:

Request to GitHub

Request to Xing

In my understanding, Client ID and Secret would have to be used for all OAuth2 providers at this point, right?

Regardless, do I need to override the DefaultAuthorizationCodeTokenResponseClient class somehow, or is there an easy way to implement a solution for XING here?

Nabor
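
Added example, not part of the original post and not Spring Security's own code: RFC 6749 section 2.3.1 lets a client authenticate to the token endpoint either with an HTTP Basic Authorization header or with client_id and client_secret in the form body, and the code below builds both shapes of the authorization_code token request using only the JDK. The class name, credentials, code and redirect URI are constructed placeholders; which style a given provider accepts is not stated on this page.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.stream.Collectors;

// Added illustration (hypothetical class name): the two client authentication
// styles of RFC 6749 section 2.3.1 for an authorization_code token request.
public class TokenRequestShapes {

    static String enc(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8);
    }

    // Serialize parameters as application/x-www-form-urlencoded.
    static String form(Map<String, String> params) {
        return params.entrySet().stream()
                .map(e -> enc(e.getKey()) + "=" + enc(e.getValue()))
                .collect(Collectors.joining("&"));
    }

    // Parameters every authorization_code token request carries.
    static Map<String, String> baseParams(String code, String redirectUri) {
        Map<String, String> p = new LinkedHashMap<>();
        p.put("grant_type", "authorization_code");
        p.put("code", code);
        p.put("redirect_uri", redirectUri);
        return p;
    }

    // HTTP Basic: the credentials travel in a header, so they never show up
    // among the form parameters of the request.
    static String basicHeader(String clientId, String clientSecret) {
        String pair = enc(clientId) + ":" + enc(clientSecret);
        return "Basic " + Base64.getEncoder().encodeToString(pair.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        String id = "example-client-id", secret = "example-secret"; // constructed values
        Map<String, String> body = baseParams("example-code", "http://localhost:8080/login/oauth2/code/xing");
        System.out.println("--- credentials in Authorization header ---");
        System.out.println("Authorization: " + basicHeader(id, secret));
        System.out.println(form(body));
        System.out.println("--- credentials in form body ---");
        body.put("client_id", id);
        body.put("client_secret", secret);
        System.out.println(form(body));
    }
}
```

In Spring Security the style is chosen per registration through the `client-authentication-method` property, and HTTP Basic is the default when it is not set.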

0 Answers