0

I am trying to setup spring authorization server by using the getting started guide.

server starts up fine but I am not able to fetch access token using rest API and getting following error:

org.springframework.security.oauth2.core.OAuth2AuthenticationException: Client authentication failed: client_id

I am using following Rest API:

http://localhost:9000/oauth2/token

and passing following payload in request:

grant_type:client_credential
client_id:oidc-client
client_secret:secret

and using basic authentication with following username and password:

username: user
password: password

I am not sure what the above error is pointing me to. Am I using wrong end point or am I using wrong client_id and client_secret.

Would appreciate any help.

Improve this question

1 Answer 1

Reset to default
0

The guide you followed does not have client_credentials grant enabled for the application. You may change your application.yaml configuration to something like this:

authorization-grant-types:
  - "authorization_code"
  - "refresh_token"
  - "client_credentials"

Since client_credentials grant is an application bound grant, you need to add your client_id as the username and client_secret as your password in Basic Authentication. Request body can have the grant_type and scope attributes. Eg:

curl --location 'http://localhost:9000/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic <CLIENT_ID>:<CLIENT_SECRET>' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'scope=openid profile'

Make sure to encode <CLIENT_ID>:<CLIENT_SECRET> in base 64.

If you need to authenticate a user, use a user bound grant type like authorization_code flow.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.