oauth 2 An Authentication object was not found in the SecurityContext

  • #16
    If your client sends client credentials as form parameters (it should not, but may according to the spec) you need a filter on the server to extract them (ClientCredentialsTokenEndpointFilter). It would be better to send them in a header (use authentication-type="header" in the client resource configuration if your client is a Spring OAuth client).



    • #17
      and again - YOU ARE THE MAN!
      I've added ClientCredentialsTokenEndpointFilter to my chain, and now I get to the TokenEndpoint.
      (I thought that ClientCredentialsTokenEndpointFilter should be in use only if I pass the params in the URL e.g. https://bla-bla/oauth/token?client_i...ret=something2...)

      Suppose I wanna work properly (and I do) - what is the way? Currently the flow is:
      OAuth2RestTemplate --> AccessTokenProviderChain.obtainAccessToken() --> AuthorizationCodeAccessTokenProvider.obtainAccessToken() --> AuthorizationCodeAccessTokenProvider.retrieveToken(), where in between getParametersForTokenRequest() "prepares" the form parameters. So it seems it's out of my control - how can I make sure the data is not in the form, but in the body?



      • #18
        Your AuthorizationCodeAccessTokenProvider should have a ClientAuthenticationHandler, and it is responsible for setting up the header. My best guess is your <oauth:resource/> configuration has the wrong authentication-type, but it's possible you have overridden the handler.

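The two ways of sending client credentials discussed in posts #16 and #18, sketched at the HTTP level as an added example (not part of the thread and not Spring Security OAuth code): the client either puts them in an HTTP Basic header or in the form body, and the server must look in both places before the token endpoint runs. Function names and sample values are constructed, and header lookup is simplified to an exact-case dictionary key.

```python
import base64
from urllib.parse import parse_qs, quote_plus, unquote_plus, urlencode


class ClientAuthError(Exception):
    """Token request carried missing, malformed or ambiguous client credentials."""


def build_token_request(client_id, secret, code, scheme):
    """Client side: (headers, body) for an authorization_code token request."""
    form = {"grant_type": "authorization_code", "code": code}
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if scheme == "header":
        # RFC 6749 2.3.1: form-encode id and secret, then HTTP Basic over "id:secret".
        pair = f"{quote_plus(client_id)}:{quote_plus(secret)}"
        headers["Authorization"] = "Basic " + base64.b64encode(pair.encode()).decode()
    elif scheme == "form":
        # Permitted by the spec but not recommended: the secret travels in the body.
        form.update(client_id=client_id, client_secret=secret)
    else:
        raise ValueError(f"unknown scheme: {scheme}")
    return headers, urlencode(form)


def extract_client_credentials(headers, body):
    """Server side: authenticate the client before the token endpoint logic runs."""
    form = parse_qs(body)
    auth = headers.get("Authorization", "")
    if auth.startswith("Basic "):
        if "client_secret" in form:
            # RFC 6749 2.3: at most one client authentication method per request.
            raise ClientAuthError("credentials in both header and form")
        try:
            raw = base64.b64decode(auth[6:], validate=True).decode()
        except ValueError as exc:  # bad base64 or bad UTF-8
            raise ClientAuthError("malformed Basic header") from exc
        client_id, sep, secret = raw.partition(":")
        if not sep:
            raise ClientAuthError("malformed Basic header")
        return unquote_plus(client_id), unquote_plus(secret), "header"
    if "client_id" in form and "client_secret" in form:
        # Form credentials are only seen if something parses the body for them.
        return form["client_id"][0], form["client_secret"][0], "form"
    raise ClientAuthError("no client credentials in request")


if __name__ == "__main__":
    for scheme in ("header", "form"):  # constructed sample values
        hdrs, body = build_token_request("my-client", "s3cr3t:/+", "abc123", scheme)
        print(scheme, hdrs.get("Authorization"), body)
        print("  ->", extract_client_credentials(hdrs, body))
```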