
I'm currently working on a simple Spring Boot application where I pass client_id and secret to get the access token, which gets me a refresh and access token.

But then when I try to access resources (my REST API) using that token (with this URL: curl -H "Authorization: Bearer ead8ba5d-88ad-4531-a821-db08bf25e888" localhost:8081/my-end-point), it doesn't work for me and gives me the following error:

{"error":"invalid_token","error_description":"Invalid access token: ead8ba5d-4531-db08bf2fe888"}

This is what my endpoint looks like:

import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

import java.security.Principal;

@RestController
@RequestMapping(path = "/my-end-point")
public class PrincipalResource {

    @RequestMapping(method = RequestMethod.POST)
    public Principal oauth(Principal principal) {
        /*
         * Translate the incoming request, which has an access token
         * Spring security takes the incoming request and injects the Java Security Principal
         * The converter inside Spring Security will handle the to json method which the Spring Security
         * Oauth client will know how to read
         *
         * The @EnableResourceServer on the application entry point is what makes all this magic happen.
         * If there is an incoming request token it will check the token validity and handle it accordingly
         *
         */

        return principal;
    }
}
shreya
  • It's due to an authentication problem. This could be helpful to you: https://stackoverflow.com/questions/29596036/spring-security-oauth2-resource-server-always-returning-invalid-token – Kalaiselvan Feb 13 '18 at 07:47
  • I'm following this article for the implementation of OAuth2: https://dazito.com/java/spring-boot-and-oauth2-with-jdbc – shreya Feb 13 '18 at 08:18

1 Answer

Make sure that in your AuthServerOAuth2Config you have security.allowFormAuthenticationForClients().checkTokenAccess("permitAll()");

@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
    // Allow client credentials as form parameters and open the /oauth/check_token endpoint
    security.allowFormAuthenticationForClients().checkTokenAccess("permitAll()");
}

Then start generating some tokens by making POST requests to your server at the URL localhost:yourport/oauth/token

For example:

http://localhost:8085/oauth/token?client_secret=secret&client_id=web&grant_type=password&username=kalaiselvan&password=kalaiselvan

It will return a token:

{
  "access_token": "8b816685-b7da-4996-a3e2-ff18b4538a2b",
  "token_type": "bearer",
  "refresh_token": "f458c09b-f739-4488-be0f-2b0e3c5a62d1",
  "expires_in": 637,
  "scope": "read"
}


Copy the access_token from the response data and make a new POST request to http://localhost:8085/account.

I hope it will be helpful to you

Kalaiselvan
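The checkTokenAccess setting in the answer matters because a separately deployed resource server validates an opaque UUID token by calling the authorization server's /oauth/check_token endpoint; if that call is refused or misdirected, every bearer token is reported as invalid_token. The following is an added example (not code from the asker, the answerer or the linked article) using the legacy spring-security-oauth2 adapters; the ports, class names and the "web"/"secret" client are assumptions, and it tightens checkTokenAccess to "isAuthenticated()" so only a client that presents credentials can introspect tokens.

```java
// Added example: two-process setup in which the resource server introspects opaque
// tokens at the authorization server's /oauth/check_token endpoint. Ports and class
// names are illustrative; the "web"/"secret" client mirrors the answer's token request.
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.RemoteTokenServices;
import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;

/** Authorization server side (assumed to run on port 8085). */
@Configuration
@EnableAuthorizationServer
class AuthServerOAuth2Config extends AuthorizationServerConfigurerAdapter {
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) {
        security
            // lets clients send client_id/client_secret as form params instead of HTTP Basic
            .allowFormAuthenticationForClients()
            // /oauth/check_token: "permitAll()" (as in the answer) lets anyone introspect tokens;
            // "isAuthenticated()" requires the caller to authenticate as a registered client
            .checkTokenAccess("isAuthenticated()");
    }
}

/** Resource server side (assumed to run on port 8081, as in the question's curl). */
@Configuration
@EnableResourceServer
class ResourceServerConfig extends ResourceServerConfigurerAdapter {
    @Bean
    public ResourceServerTokenServices tokenServices() {
        RemoteTokenServices services = new RemoteTokenServices();
        // Every incoming bearer token is introspected here; an unknown or expired
        // UUID comes back as an error, which the resource server reports as invalid_token
        services.setCheckTokenEndpointUrl("http://localhost:8085/oauth/check_token");
        // Sent as HTTP Basic on the check_token call to satisfy checkTokenAccess("isAuthenticated()")
        services.setClientId("web");
        services.setClientSecret("secret");
        return services;
    }

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        resources.tokenServices(tokenServices());
    }
}
```

When authorization and resource server share one Spring Boot process, as the question's single application appears to, the resource server reads the shared TokenStore directly and no check_token call is made.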