Spring-Security-Oauth2: Full authentication is required to access this resource

java oauth-2.0 unauthorized spring-security-oauth2

The client_id and client_secret, by default, should go in the Authorization header, not the form-urlencoded body.

  1. Concatenate your client_id and client_secret, with a colon between them: [email protected]:12345678.
  2. Base 64 encode the result: YWJjQGdtYWlsLmNvbToxMjM0NTY3OA==
  3. Set the Authorization header: Authorization: Basic YWJjQGdtYWlsLmNvbToxMjM0NTY3OA==

By default Spring OAuth requires basic HTTP authentication. If you want to switch it off with Java based configuration, you have to allow form authentication for clients like this:

@Configuration
@EnableAuthorizationServer
protected static class OAuth2Config extends AuthorizationServerConfigurerAdapter {
  @Override
  public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
    oauthServer.allowFormAuthenticationForClients();
  }
}

Related

Does minifying and concatenating JS/CSS files, and using sprites for images still provide performance benefits when using HTTP/2?
Why the 20px gap at the top of my UIViewController?
E/Surface﹕ getSlotFromBufferLocked: unknown buffer: 0xab7519c0
Why can we not use default methods in lambda expressions?
React.createClass vs extends Component
What values are returned from model.evaluate() in Keras?
Why does an overridden get-only property stay null when set in base class constructor?
How to fix: Domain does not resolve to the GitHub Pages server. Error in Github Pages for custom domain setup with Enforce HTTPS Enabled?
How to prevent Chrome from changing font when autofilling username/password?
Memory Allocation Profiling in C++
When should one use the Actor model?
Derived subgroups of $SL(2,2)$, $SL(2,3)$ and $GL(2,3)$