I am running an OAuth provider using Spring and the "password" grant type.
Running this (provider is on port 8080):
    curl -u "app:appclientsecret" "http://localhost:8080/oauth/token" --data "grant_type=password&username=marissa&password=koala"
returns:
    {"access_token":"56da4d2b-7e66-483e-b88d-c1a58ee5a453","token_type":"bearer","expires_in":43199,"scope":"read"}
For some reason there is no refresh token. I know according to the spec, the refresh token is optional; is there some way to enable it that I missed?
For reference, here is my provider code:
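    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.boot.SpringApplication;
    import org.springframework.boot.autoconfigure.SpringBootApplication;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.authentication.AuthenticationManager;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
    import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
    import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
    import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
    import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
    import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;

    @SpringBootApplication
    public class Provider {

        public static void main(String... args) {
            System.setProperty("server.port", "8080");
            SpringApplication.run(Provider.class, args);
        }

        // User store and web security for the provider
        @Configuration
        @EnableWebSecurity
        static class SecurityConfiguration extends WebSecurityConfigurerAdapter {

            private final UserStoreType type = UserStoreType.IN_MEMORY;

            enum UserStoreType {
                IN_MEMORY,
            }

            @Autowired
            public void globalUserDetails(AuthenticationManagerBuilder auth) throws Exception {
                switch (type) {
                    case IN_MEMORY:
                        System.err.println("Setting up user creds..");
                        auth.inMemoryAuthentication()
                            .withUser("marissa").password("koala").roles("USER")
                            .and()
                            .withUser("admin").password("topsecret").roles("USER", "ADMIN");
                        break;
                }
            }

            @Override
            protected void configure(HttpSecurity http) throws Exception {}
        }

        // Authorization server: token store, endpoint access and registered clients
        @Configuration
        @EnableAuthorizationServer
        static class OAuthConfig extends AuthorizationServerConfigurerAdapter {

            @Autowired
            private AuthenticationManager authenticationManager;

            @Override
            public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
                endpoints.tokenStore(new InMemoryTokenStore()).authenticationManager(authenticationManager);
            }

            @Override
            public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
                oauthServer.checkTokenAccess("permitAll()");
            }

            @Override
            public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
                clients.inMemory()
                    .withClient("resource-serv")
                    .scopes("read")
                    .resourceIds("my-resource")
                    .secret("secret123")
                    .and()
                    .withClient("app")
                    .authorizedGrantTypes("client_credentials", "password")
                    .scopes("read")
                    .resourceIds("my-resource")
                    .secret("appclientsecret");
            }
        }
    }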
Use the code you get after a user authorizes your app to get an access token and refresh token. The access token will be used to authenticate requests that your app makes. Access tokens are short lived, so you can use the refresh token to get a new access token when the current access token expires.
The Refresh Token grant type is used by clients to exchange a refresh token for an access token when the access token has expired. This allows clients to continue to have a valid access token without further interaction with the user.
The client needs authorizedGrantType "refresh_token".
Try this
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
            .withClient("resource-serv")
            .scopes("read")
            .resourceIds("my-resource")
            .secret("secret123")
            .and()
            .withClient("app")
            .authorizedGrantTypes("client_credentials", "password", "refresh_token")
            .scopes("read")
            .resourceIds("my-resource")
            .secret("appclientsecret");
    }
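Once refresh tokens are enabled for a client, their lifetime and reuse become part of the server's security posture. The following is an added example, not code from the question or the answers: a variant of the question's OAuthConfig, reduced to the "app" client, that bounds token lifetimes and rotates the refresh token on each use. The class name RefreshEnabledOAuthConfig, the validity values and the availability of a UserDetailsService bean are assumptions.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;

// Hypothetical class name; it takes the place of OAuthConfig from the question.
@Configuration
@EnableAuthorizationServer
class RefreshEnabledOAuthConfig extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private AuthenticationManager authenticationManager;

    // Assumption: a UserDetailsService bean is exposed, for example by overriding
    // userDetailsServiceBean() with @Bean in the WebSecurityConfigurerAdapter.
    @Autowired
    private UserDetailsService userDetailsService;

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.tokenStore(new InMemoryTokenStore())
                 .authenticationManager(authenticationManager)
                 // Lets the server re-check the user account when a refresh token is redeemed.
                 .userDetailsService(userDetailsService)
                 // Issue a new refresh token on every refresh and discard the old one.
                 .reuseRefreshTokens(false);
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
               .withClient("app")
               .authorizedGrantTypes("client_credentials", "password", "refresh_token")
               .scopes("read")
               .resourceIds("my-resource")
               .secret("appclientsecret")
               .accessTokenValiditySeconds(900)      // constructed value: 15 minutes
               .refreshTokenValiditySeconds(86400);  // constructed value: 24 hours
    }
}
// Redeeming a refresh token (RFC 6749, section 6), with a placeholder token value:
//   curl -u "app:appclientsecret" "http://localhost:8080/oauth/token" \
//        --data "grant_type=refresh_token&refresh_token=<REFRESH_TOKEN>"
```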