Spring Security OAuth 2.0 - client secret always required for authorization code grant

陌清茗 2020-12-03 11:54

According to the spec, requests for a token using the authorization code grant are not required to be authenticated as long as the client_id is included in the

6 answers
  •  有刺的猬
    2020-12-03 12:20

    This worked for me

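        @Override
        public void configure(AuthorizationServerSecurityConfigurer cfg) throws Exception {
            cfg
                // /oauth/token_key is open to everyone
                .tokenKeyAccess("permitAll()")
                // /oauth/check_token requires an authenticated caller
                .checkTokenAccess("isAuthenticated()")
                // accept client_id / client_secret as form parameters on the token endpoint
                .allowFormAuthenticationForClients()
                // encoder used to match the stored client secret
                .passwordEncoder(clientPasswordEncoder());
        }

        @Bean("clientPasswordEncoder")
        PasswordEncoder clientPasswordEncoder() {
            // 4 is the lowest BCrypt strength the encoder accepts (the default is 10)
            return new BCryptPasswordEncoder(4);
        }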
    

    Test 1:

    Test 2:
