Spring-Security-Oauth2: Full authentication is required to access this resource
The `client_id` and `client_secret`, by default, should go in the Authorization header, not the form-urlencoded body.
- Concatenate your `client_id` and `client_secret`, with a colon between them: `abc@gmail.com:12345678`.
- Base 64 encode the result: `YWJjQGdtYWlsLmNvbToxMjM0NTY3OA==`
- Set the Authorization header: `Authorization: Basic YWJjQGdtYWlsLmNvbToxMjM0NTY3OA==`
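The three steps above as a runnable sketch, added here as an example and not part of the original answer. It also shows how the receiving side splits the decoded value on the first colon, which is why a colon in the `client_id` has to be rejected. The function names, the token URL and the `client_credentials` grant are assumptions made for illustration.

```python
import base64
import urllib.parse
import urllib.request


def basic_auth_header(client_id: str, client_secret: str) -> str:
    """Build the HTTP Basic value: base64(client_id ":" client_secret)."""
    # The receiver splits on the first colon, so a colon inside client_id
    # would move part of the id into the secret (RFC 7617 forbids it).
    if ":" in client_id:
        raise ValueError("client_id must not contain ':'")
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def parse_basic_auth_header(value: str) -> tuple:
    """Mirror of the server side: decode, then split on the first colon."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a Basic Authorization header")
    decoded = base64.b64decode(token, validate=True).decode("utf-8")
    client_id, sep, client_secret = decoded.partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    return client_id, client_secret


def build_token_request(token_url, client_id, client_secret, form):
    """Prepare (not send) a token request with credentials in the header only."""
    if "client_id" in form or "client_secret" in form:
        raise ValueError("client credentials belong in the Authorization header")
    body = urllib.parse.urlencode(form).encode("ascii")
    req = urllib.request.Request(token_url, data=body, method="POST")
    req.add_header("Authorization", basic_auth_header(client_id, client_secret))
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    return req


# Constructed sample: the credentials are the ones used in the steps above;
# the URL and the grant type are assumptions, and nothing is sent.
EXAMPLE = build_token_request(
    "https://auth.example.invalid/oauth/token",
    "abc@gmail.com",
    "12345678",
    {"grant_type": "client_credentials"},
)
```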
By default Spring OAuth requires basic HTTP authentication. If you want to switch it off with Java-based configuration, you have to allow form authentication for clients like this:
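```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;

// Nested inside an outer configuration class (hence "protected static").
@Configuration
@EnableAuthorizationServer
protected static class OAuth2Config extends AuthorizationServerConfigurerAdapter {

    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
        // Accept client_id / client_secret as form parameters on the token endpoint.
        oauthServer.allowFormAuthenticationForClients();
    }
}
```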