 

Spring OAuth2 not giving refresh token

I am running an OAuth provider using Spring and the "password" grant type.

Running this (provider is on port 8080):

curl -u "app:appclientsecret" "http://localhost:8080/oauth/token" --data "grant_type=password&username=marissa&password=koala"

returns:

{"access_token":"56da4d2b-7e66-483e-b88d-c1a58ee5a453","token_type":"bearer","expires_in":43199,"scope":"read"}

For some reason there is no refresh token. I know that according to the spec the refresh token is optional; is there some way to enable it that I missed?

For reference, here is my provider code:

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;

@SpringBootApplication
public class Provider {
    public static void main(String... args) {
        System.setProperty("server.port", "8080");

        SpringApplication.run(Provider.class, args);
    }

    // Resource-owner accounts that the "password" grant authenticates against.
    @Configuration
    @EnableWebSecurity
    static class SecurityConfiguration extends WebSecurityConfigurerAdapter {
        private final UserStoreType type = UserStoreType.IN_MEMORY;

        enum UserStoreType {
            IN_MEMORY,
        }

        @Autowired
        public void globalUserDetails(AuthenticationManagerBuilder auth) throws Exception {
            switch (type) {
                case IN_MEMORY:
                    System.err.println("Setting up user creds..");

                    auth.inMemoryAuthentication()
                            .withUser("marissa").password("koala").roles("USER")
                            .and()
                            .withUser("admin").password("topsecret").roles("USER", "ADMIN");

                    break;
            }
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {}
    }

    @Configuration
    @EnableAuthorizationServer
    static class OAuthConfig extends AuthorizationServerConfigurerAdapter {
        @Autowired
        private AuthenticationManager authenticationManager;

        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
            // In-memory token store: issued tokens do not survive a restart.
            endpoints.tokenStore(new InMemoryTokenStore()).authenticationManager(authenticationManager);
        }

        @Override
        public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
            // Anyone, not only authenticated clients, may call /oauth/check_token.
            oauthServer.checkTokenAccess("permitAll()");
        }

        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            clients.inMemory()
                    .withClient("resource-serv")
                    .scopes("read")
                    .resourceIds("my-resource")
                    .secret("secret123")
                    .and()
                    .withClient("app")
                    // Grants this client is allowed to use at /oauth/token.
                    .authorizedGrantTypes("client_credentials", "password")
                    .scopes("read")
                    .resourceIds("my-resource")
                    .secret("appclientsecret");
        }
    }
}
asked Jun 15 '15 17:06 by Arshdeep Sabharwal



1 Answer

The client needs the authorizedGrantType "refresh_token".

Try this

@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
    clients.inMemory()
            .withClient("resource-serv")
            .scopes("read")
            .resourceIds("my-resource")
            .secret("secret123")
            .and()
            .withClient("app")
            // "refresh_token" added: without it the server never issues a refresh token to this client.
            .authorizedGrantTypes("client_credentials", "password", "refresh_token")
            .scopes("read")
            .resourceIds("my-resource")
            .secret("appclientsecret");
}
answered Oct 14 '22 16:10 by Matthias
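To make the answer's point concrete, here is an added Python model of the token endpoint's decision, not code from the question, the answer or Spring itself. It replays the question's request against two constructed copies of the "app" client, one with and one without "refresh_token" in its grant types, and also shows the refresh exchange that the new grant type enables: the refresh token is bound to the client that received it, it is accepted once, and a refresh may narrow the scope but never widen it. The client and user names, secrets and the 30-day refresh lifetime are assumptions taken from the question or chosen for the example; Spring's own DefaultTokenServices reuses the refresh token by default rather than rotating it as this model does.

```python
import secrets
import time
from dataclasses import dataclass


@dataclass
class ClientDetails:
    """One registered client, the data Spring's ClientDetailsServiceConfigurer holds (constructed model)."""
    client_id: str
    secret: str
    authorized_grant_types: set
    scopes: set


@dataclass
class TokenRecord:
    client_id: str
    username: str
    scope: set
    expires_at: float


class GrantError(Exception):
    """Carries an RFC 6749 error code such as invalid_client or unauthorized_client."""


class TokenEndpoint:
    ACCESS_TTL = 43200        # 12 h, roughly the expires_in the question's server reported
    REFRESH_TTL = 30 * 86400  # 30 days, an assumed refresh-token lifetime

    def __init__(self, clients, users):
        self.clients = {c.client_id: c for c in clients}
        self.users = users   # username -> password, constructed in-memory store (a real one hashes)
        self.access = {}     # access token -> TokenRecord
        self.refresh = {}    # refresh token -> TokenRecord

    def _authenticate_client(self, client_id, client_secret):
        client = self.clients.get(client_id)
        if client is None or not secrets.compare_digest(client.secret, client_secret):
            raise GrantError("invalid_client")
        return client

    def token(self, client_id, client_secret, grant_type, **params):
        """POST /oauth/token: authenticate the client, then apply its per-client grant policy."""
        client = self._authenticate_client(client_id, client_secret)
        if grant_type not in client.authorized_grant_types:
            raise GrantError("unauthorized_client")
        if grant_type == "password":
            expected = self.users.get(params["username"], "")
            if not secrets.compare_digest(expected, params["password"]):
                raise GrantError("invalid_grant")
            return self._issue(client, params["username"], client.scopes)
        if grant_type == "refresh_token":
            return self._refresh(client, params["refresh_token"], params.get("scope"))
        raise GrantError("unsupported_grant_type")

    def _issue(self, client, username, scope):
        now = time.time()
        access_token = secrets.token_urlsafe(32)
        self.access[access_token] = TokenRecord(client.client_id, username, set(scope), now + self.ACCESS_TTL)
        response = {"access_token": access_token, "token_type": "bearer",
                    "expires_in": self.ACCESS_TTL, "scope": " ".join(sorted(scope))}
        # The question's symptom: no "refresh_token" among the client's grant types,
        # no refresh token minted, regardless of which grant obtained the access token.
        if "refresh_token" in client.authorized_grant_types:
            refresh_token = secrets.token_urlsafe(32)
            self.refresh[refresh_token] = TokenRecord(client.client_id, username, set(scope), now + self.REFRESH_TTL)
            response["refresh_token"] = refresh_token
        return response

    def _refresh(self, client, refresh_token, requested_scope):
        record = self.refresh.pop(refresh_token, None)   # single use: a fresh one is minted below
        if record is None or record.expires_at < time.time():
            raise GrantError("invalid_grant")
        if record.client_id != client.client_id:
            raise GrantError("invalid_grant")            # bound to the client that received it
        scope = set(requested_scope.split()) if requested_scope else record.scope
        if not scope <= record.scope:
            raise GrantError("invalid_scope")            # may narrow scope, never widen it
        return self._issue(client, record.username, scope)


def attempt(endpoint, **request):
    """Return the token response, or {"error": code} as the HTTP endpoint would."""
    try:
        return endpoint.token(**request)
    except GrantError as exc:
        return {"error": str(exc)}


def build(grant_types):
    """Endpoint holding the question's 'app' client and 'marissa' user with the given grant types."""
    client = ClientDetails("app", "appclientsecret", set(grant_types), {"read"})
    return TokenEndpoint([client], {"marissa": "koala"})
```

Against the real server, the second half of this exchange is the standard RFC 6749 refresh request, sent with the same client credentials as the password grant: `curl -u "app:appclientsecret" "http://localhost:8080/oauth/token" --data "grant_type=refresh_token&refresh_token=<value from the first response>"`. The `unauthorized_client` case in the model is what the client without the grant type gets if it tries that request.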