I'm setting up a Spring Authorization Server (Spring Boot 3.4.1) and encountering an invalid_client error when requesting an access token for a pre-configured client. Here's my setup:
Configuration

import org.springframework.context.annotation.Bean
import org.springframework.core.annotation.Order
import org.springframework.jdbc.core.JdbcOperations
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.oauth2.core.AuthorizationGrantType
import org.springframework.security.oauth2.core.ClientAuthenticationMethod
import org.springframework.security.oauth2.jwt.NimbusJwtEncoder
import org.springframework.security.oauth2.server.authorization.JdbcOAuth2AuthorizationConsentService
import org.springframework.security.oauth2.server.authorization.JdbcOAuth2AuthorizationService
import org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer
import org.springframework.security.oauth2.server.authorization.token.JwtGenerator
import org.springframework.security.web.SecurityFilterChain

@Bean
fun registeredClientRepository(): RegisteredClientRepository {
    // Secret stored with the "{noop}" id prefix, i.e. in plaintext
    val adminClient = RegisteredClient.withId("admin-client")
        .clientId("admin-client")
        .clientSecret("{noop}secret")
        .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
        .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
        .scope("client.create")
        .build()
    return InMemoryRegisteredClientRepository(adminClient)
}

@Bean
@Order(1)
@Throws(Exception::class)
fun authorizationServerSecurityFilterChain(
    http: HttpSecurity, jdbcOperations: JdbcOperations, registeredClientRepository: RegisteredClientRepository
): SecurityFilterChain {
    val authorizationServerConfigurer = OAuth2AuthorizationServerConfigurer.authorizationServer()
    http.authorizeHttpRequests { it.requestMatchers("/auth/**").permitAll() }
        .securityMatcher(authorizationServerConfigurer.endpointsMatcher)
        .with(authorizationServerConfigurer) { authorizationServer ->
            // Use the injected repository bean; the no-arg bean above cannot be called with jdbcOperations
            authorizationServer.registeredClientRepository(registeredClientRepository)
                .authorizationService(JdbcOAuth2AuthorizationService(jdbcOperations, registeredClientRepository))
                .authorizationConsentService(
                    JdbcOAuth2AuthorizationConsentService(jdbcOperations, registeredClientRepository)
                )
                // `endpoints` (AuthorizationServerSettings) and `jwkSource()` are defined elsewhere in this config, not shown
                .authorizationServerSettings(endpoints)
                .tokenGenerator(JwtGenerator(NimbusJwtEncoder(jwkSource())))
        }
    return http.build()
}
POST /auth/oauth2/token
Content-Type: application/x-www-form-urlencoded
Authorization: Basic YWRtaW4tY2xpZW50OnNlY3JldA== # Base64("admin-client:secret")
grant_type=client_credentials&scope=client.create
Observations
The client admin-client exists in the database with secret secret (stored plaintext).
Tried both CLIENT_SECRET_BASIC (via header) and CLIENT_SECRET_POST (via body) – same error.
Verified token endpoint URL matches AuthorizationServerSettings.
Error
{
"error": "invalid_client"
}
Question - What could cause Spring Authorization Server to reject valid client credentials despite correct configuration? Are there hidden requirements for client secret storage or authentication method validation?
asked Feb 2 at 20:07 by androidDeweleper, edited Feb 2 at 21:11 by dur. 1 Answer
With a setup in line with Defining Required Components and additional code from OP, this curl command is working as expected.
curl -X POST http://localhost:9000/oauth2/token \
-H "Content-Type: application/x-www-form-urlencoded" \
-u "admin-client:secret" \
-d "grant_type=client_credentials" \
-d "scope=client.create"
I notice that OP is using POST /auth/oauth2/token.
I can reproduce the invalid_client error when using a wrong client secret. In my setup, I have a BCryptPasswordEncoder bean, and I need to encrypt the client secret like shown below:
@Bean
public RegisteredClientRepository registeredClientRepository(
        PasswordEncoder passwordEncoder) {
    var registeredClient = RegisteredClient
            .withId(UUID.randomUUID().toString())
            .clientId("admin-client")
            // hashed by the BCryptPasswordEncoder bean, so the stored value is "$2a$..." rather than "secret"
            .clientSecret(passwordEncoder.encode("secret"))
            // remaining setup as in OP's client
            .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
            .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
            .scope("client.create")
            .build();
    return new InMemoryRegisteredClientRepository(registeredClient);
}
With .clientSecret("{noop}secret"), I get invalid_client.
Tested with this auth-server, make your required changes. Please note that the context path is /auth-server for this app.
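As an added example (not the OP's code and not the answerer's auth-server project), the Java configuration below shows the two client-secret storage formats that Spring Authorization Server's client authentication can verify and why one of them breaks when a bare BCryptPasswordEncoder bean is defined. The class name ClientSecretConfig is hypothetical; everything else is the public Spring Security / Spring Authorization Server API (Spring Boot 3.x with spring-security-oauth2-authorization-server on the classpath is assumed).

```java
// Added example, not code from the question or the answer. Class name is hypothetical.
import java.util.UUID;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;

@Configuration
public class ClientSecretConfig {

    // The delegating encoder dispatches on the "{id}" prefix of the stored value, so it
    // accepts both "{bcrypt}$2a$..." and "{noop}secret". A bare BCryptPasswordEncoder
    // knows nothing about prefixes and treats "{noop}secret" as a malformed hash, which
    // is the invalid_client combination the answer reproduces.
    @Bean
    public PasswordEncoder passwordEncoder() {
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }

    @Bean
    public RegisteredClientRepository registeredClientRepository(PasswordEncoder passwordEncoder) {
        RegisteredClient adminClient = RegisteredClient.withId(UUID.randomUUID().toString())
                .clientId("admin-client")
                // Stored as "{bcrypt}$2a$10$...": the repository never holds the plaintext secret.
                .clientSecret(passwordEncoder.encode("secret"))
                .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
                .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
                .scope("client.create")
                .build();
        return new InMemoryRegisteredClientRepository(adminClient);
    }

    // Stand-alone check of how each encoder treats the two stored formats; runs as a
    // plain main() outside the Spring context and needs only spring-security-crypto.
    public static void main(String[] args) {
        PasswordEncoder delegating = PasswordEncoderFactories.createDelegatingPasswordEncoder();
        PasswordEncoder bcryptOnly = new BCryptPasswordEncoder();

        String hashed = delegating.encode("secret");  // "{bcrypt}$2a$10$..."
        System.out.println("delegating  vs hashed        : " + delegating.matches("secret", hashed));
        System.out.println("delegating  vs {noop}secret  : " + delegating.matches("secret", "{noop}secret"));
        System.out.println("bcrypt-only vs {noop}secret  : " + bcryptOnly.matches("secret", "{noop}secret"));
    }
}
```

Running main() prints true for the delegating encoder against both the bcrypt hash and "{noop}secret", and false for the bare BCryptPasswordEncoder against "{noop}secret" (it logs that the value does not look like bcrypt and fails the match). When no PasswordEncoder bean is defined, the server uses the delegating encoder, which is why the reference documentation's "{noop}secret" normally works; defining a bare BCryptPasswordEncoder bean replaces it. Either keep the delegating encoder or, as the answer does, encode the secret with the bean you define; in both cases what is stored is a hash rather than the plaintext the OP has in the database.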
Source: "Spring Authorization Server: "invalid_client" Error Despite Correct Client Configuration while requesting regi", http://www.betaflare.com/web/1741835565a2400194.html