Spring Boot Oauth2令牌請求 - 來自BasicAuthenticationFilter的錯誤客戶端憑證

Question

在用戶身份驗證和批准後，當Oauth2客戶端應用程序從OAuth2 AuthServer的令牌端點請求令牌時，請求有關Spring引導OAuth2應用程序BadCredentialsException的幫助。

春天啓動的OAuth2應用程序都基於現在著名的戴夫Syer春季啓動/ OAuth2用戶界面的客戶端/的oauth2 AuthServer/JWT例如https://github.com/spring-guides/tut-spring-security-and-angular-js/tree/master/oauth2

這是在客戶端應用程序調試：

DEBUG org.springframework.web.client.RestTemplate - Created POST request for "authserver/uaa/oauth/token" 
DEBUG org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider - Encoding and sending form: {grant_type=[authorization_code], code=[xxxxx], redirect_uri=[oauthclientapp/login]} 
DEBUG org.springframework.web.client.RestTemplate - POST request for "authserver/uaa/oauth/token" resulted in 200 (null) 
DEBUG org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter - Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Could not obtain access token 

這是AuthServer的調試：

DEBUG org.springframework.security.web.FilterChainProxy - /oauth/token at position 9 of 15 in additional filter chain; firing Filter: 'BasicAuthenticationFilter' 
DEBUG org.springframework.security.web.authentication.www.BasicAuthenticationFilter - Basic Authentication Authorization header found for user 'clientID' 
DEBUG org.springframework.security.authentication.ProviderManager - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider 
DEBUG org.springframework.security.authentication.dao.DaoAuthenticationProvider - User 'clientID' not found 
DEBUG org.springframework.security.web.authentication.www.BasicAuthenticationFilter - Authentication request for failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials 

的OAuth2用戶端的應用程序就像一個在這個例子中，在令牌請求PR沒有定製只要無論@EnableOAuth2Sso給我們什麼。 AuthServer上的ClientDetails配置也如下例所示，所以沒什麼特別的。

任何建議，以更好地排除故障這是非常感謝。謝謝。

@Override 
     public void configure(ClientDetailsServiceConfigurer clients) throws Exception { 
      clients.inMemory() 
        .withClient("clientID") 
        .secret("acmesecret") 
        .authorizedGrantTypes("authorization_code", "refresh_token", 
          "password").scopes("openid"); 
     } 

Answer 1

我用你的配置發送POST請求時/的OAuth /令牌端點這樣了同樣的錯誤：

curl localhost:8080/oauth/token -d grant_type=authorization_code -d client_id=acme -d redirect_uri=http://localhost:4200/redirectUrl -d code=5chf5f 

我的目的是使用授權碼流，我不想提供導致錯誤

-d client_sercret=acmesecret 

如果你的情況是你可能要添加其他客戶沒有祕密授權碼流相同的client_secret參數：

@Override 
public void configure(ClientDetailsServiceConfigurer clients) throws Exception { 
     clients.inMemory() 
       .withClient("clientWithSecret") 
       .secret("acmesecret") 
       .authorizedGrantTypes("password") 
       .scopes("openid") 
       .and() 
       .withClient("clientNoSecret") 
       .authorizedGrantTypes("authorization_code", "refresh_token") 
       .scopes("openid"); 
    }