Adding more then one client to the Spring OAuth2 Auth Server

java spring spring-security oauth-2.0 spring-security-oauth2
dplesa picture dplesa · Mar 1, 2016 · Viewed 7.5k times · Source

I have Spring OAuth Authorization server and I want to add support for more then one client(id). I configured clients like this:

clients
            .inMemory().withClient(client).secret(clientSecret)
            .resourceIds(resourceId)
            .authorizedGrantTypes("client_credentials", "password", "refresh_token", "implicit", "authorization_code")
            .authorities("ROLE_USER")
            .scopes("read", "write")
            .autoApprove(true)
            .and()
            .inMemory().withClient("acme").secret("acmesecret")
            .resourceIds(resourceId)
            .authorizedGrantTypes("client_credentials", "password", "refresh_token", "implicit", "authorization_code")
            .authorities("ROLE_USER_ACME")
            .scopes("read", "write")
            .autoApprove(true);

I can get access token with first client, but i get this error when trying to get access token with second client:

{
  "timestamp": 1456822249638,
  "status": 401,
  "error": "Unauthorized",
  "message": "Bad credentials",
  "path": "/oauth/token"
}

Is it possible to add more then one client and how to do it? Allso, how to read clients from a database?

Answer

Ali Dehghani picture Ali Dehghani · Mar 1, 2016

Do not use multiple inMemory builders, instead concatenate multiple withClients inside one inMemory:

@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
    clients.inMemory()
                .withClient("first")
                .secret("secret")
                .scopes("read")
                .authorizedGrantTypes("password")
            .and()
                .withClient("sec")
                .secret("secret")
                .scopes("read")
                .authorizedGrantTypes("password");
}

Related questions

How to implement rate limiting based on a client token in Spring?

I am developing a simple REST API using Spring 3 + Spring MVC. Authentication will be done through OAuth 2.0 or basic auth with a client token using Spring Security. This is still under debate. All connections will be forced through an SSL …

Read More
How to fix Hibernate LazyInitializationException: failed to lazily initialize a collection of roles, could not initialize proxy - no Session

In the custom AuthenticationProvider from my spring project, I am trying read the list of authorities of the logged user, but I am facing the following error: org.hibernate.LazyInitializationException: failed to lazily initialize a collection of role: com.horariolivre.…

Read More
When using Spring Security, what is the proper way to obtain current username (i.e. SecurityContext) information in a bean?

I have a Spring MVC web app which uses Spring Security. I want to know the username of the currently logged in user. I'm using the code snippet given below . Is this the accepted way? I don't like having a …

Read More