0

I am looking for a simple OAuth2restClient example (without SpringBOOT) I am trying with:

    ClientCredentialsResourceDetails resource = new ClientCredentialsResourceDetails();
    
    resource.setAccessTokenUri( "https://mypage.com/oauth2/v1/token");
    resource.setClientId("clientid1 ");
    resource.setClientSecret("clientsecret1");
    resource.setGrantType("client_credentials");
     
    resource.setScope(Arrays.asList(new String[] { "openid customscope" }));

    headers = new HttpHeaders();
    headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON));
    headers.add(" sub1", "");

    
    DefaultOAuth2ClientContext clientContext = new DefaultOAuth2ClientContext();

    OAuth2RestTemplate restTemplate = new OAuth2RestTemplate(resource, clientContext);
    MyEntity request = new MyEntity();

    
    HttpEntity<MyEntity> request = new HttpEntity<MyEntity>(request, headers);

    ResponseEntity<MyResp> respEntity = null;
    
    ClientCredentialsAccessTokenProvider  prov = new ClientCredentialsAccessTokenProvider();
      
    restTemplate.setAccessTokenProvider(prov);

    respEntity = restTemplate.postForEntity(url, request, MyResp.class);

I always get the "https://mypage.com/oauth2/v1/token" resulted in 401 (Unauthorized); Exception in thread "main" error="access_denied", error_description="Error requesting access token." What is missing, what is the right way, i am passing all the credentials . Any simple working sample please,

Phil
  • 1
  • Note that you are using the [deprecated](https://spring.io/blog/2020/05/07/end-of-life-for-spring-security-oauth) spring-security-oauth module. Please migrate to a supported version of Spring Security as soon as possible. You can follow the official migration guide [here](https://github.com/spring-projects/spring-security/wiki/OAuth-2.0-Migration-Guide). – Eleftheria Stein-Kousathana Mar 16 '22 at 11:26
  • Ah! Thank you @EleftheriaStein-Kousathana. The problem i had is, it is an existing application where i can't introduce spring beans. I solved it with HTTP Client – Phil Apr 04 '22 at 14:45

1 Answers1

0

Your code looks mostly correct but you are using the wrong media type. You should be using Form URL Encoded, as in this HTTP message.

Another possible problem is use of the openid scope, since there is no user identity with this flow. Make sure any scopes you use are configured against the client in the Authorization Server.

LIBRARIES

Out of interest, my personal recommendation is to use respected standards based OAuth libraries provided by security specialists.

As an example, see this client credentials code snippet, which uses connect2id libraries. Benefits are as follows:

  • Clean code with good object names
  • Headers etc are done for you
  • Code works with any provider
  • Good docs, for learning
  • Advanced capabilities, if ever needed

CURL TESTING

I always recommend getting this type of message working with tools first. Try adapting this to your use case and running it from the command line:

curl -u 'myclientid:myclientsecret' \
-X POST http://myauthserver/oauth-token \
-H 'content-type: application/x-www-form-urlencoded' \
-d grant_type=client_credentials \
-d scope=read

If the curl request fails, then analyse the error response details, and also have a look at server logs, so that you understand the cause.

Gary Archer
  • 22,534
  • 2
  • 12
  • 24
  • Thank you , i tried adding the "form URL encoded" that did not work. It fails before calling the service. hte Mediatype passed to the service, but it fails while getting the access token. – Phil Mar 11 '22 at 08:11
  • I updated my answer - get rid of the openid scope and then get the above curl request working (you will need to adapt it to your own values). Once the curl request works you should find your code does also. – Gary Archer Mar 11 '22 at 09:38