Oauth2 Spring Security Authorization Code

Question

I am trying to reproduce the oauth server provided here:

https://spring.io/blog/2015/02/03/sso-with-oauth2-angular-js-and-spring-security-part-v The curl call for testin

Answer 1

You need to generate a new authorization code!

You can do it using the grant type authorization_code or password

Using the authorization_code:

Open your browser and to visit the authorization endpoint http://localhost:9999/uaa/oauth/authorize?response_type=code&client_id=acme&redirect_uri=http://example.com

After the login process (login: user password: password), you will be redirected to http://example.com/?code=CODE <-- this is the code that you should use in the next request

now you get the token:

curl acme:acmesecret@localhost:9999/uaa/oauth/token -d grant_type=authorization_code -d client_id=acme -d redirect_uri=http://example.com -d code=CODE

response: {"access_token":"eyJhbGciOiJS....."}

Using the password grantType:

curl acme:acmesecret@localhost:9999/uaa/oauth/token  -d grant_type=password -d username=user -d password=password

response: {"access_token":"eyJhbGciOiJS....."}

I recommend you to read more about oauth grantTypes, to know what's is better for your solution https://aaronparecki.com/articles/2012/07/29/1/oauth2-simplified