How to call JHipster (Spring) OAuth2 Rest server using Postman Authentication helpers

无人共我 2020-12-29 13:20

Postman has Authentication helpers to help with authenticated calls and I'm trying to use the OAuth 2.0 helper to call a REST server created by JHipster using

2 answers
  • 2020-12-29 13:48

    JHipster is currently set up to use the "password" OAuth2 grant type. The Postman OAuth2 helper only seems to work with the "authorization code" and "client credentials" grant types.

    What you'll want to do is first call your app's token endpoint directly as the angular app does in src/main/webapp/scripts/components/auth/provider/auth.oauth2.service.js

    POST http://localhost:8080/oauth/token?username=MY_USERNAME&password=MY_PASSWORD&grant_type=password&scope=read%20write
    

    where your username and password can be "user" and "user" respectively, for example and with one header set:

    Authorization: Basic AAAAAA
    

    where AAAAAA is your (clientId + ":" + clientSecret)--all base64-encoded. You can use https://www.base64encode.org/. For example if your clientId is "jhipsterapp" and your clientSecret is "mySecretOAuthSecret", replace AAAAAA with "amhpcHN0ZXJhcHA6bXlTZWNyZXRPQXV0aFNlY3JldA==" since that is "jhipsterapp:mySecretOAuthSecret" base64-encoded.

    That should return you an access_token. Now hit your API endpoints by calling them with the access_token from your password request in your header like this.

    Authorization: Bearer access_token_from_earlier_token_request
    

    Update: if you're using microservices and UAA, then see Niel's answer https://stackoverflow.com/a/45549789/1098564

  • 2020-12-29 14:01

    To build on @sdoxsee's answer:

    Currently (August 2017) JHipster generates a class called UaaConfiguration with the configure(ClientDetailsServiceConfigurer) method setting up the client ID, client secret, scope and grant type. Refer to these settings (including the referenced JHipster properties in the application*.yml) to populate the Postman authentication helper, using /oauth/token as both Auth URL and Access Token URL.


    Example:

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        /*
        For a better client design, this should be done by a ClientDetailsService (similar to UserDetailsService).
         */
        clients.inMemory()
            .withClient("web_app")
            .scopes("openid")
            .autoApprove(true)
            .authorizedGrantTypes("implicit", "refresh_token", "password", "authorization_code")
            .and()
            .withClient(jHipsterProperties.getSecurity().getClientAuthorization().getClientId())
            .secret(jHipsterProperties.getSecurity().getClientAuthorization().getClientSecret())
            .scopes("web-app")
            .autoApprove(true)
            .authorizedGrantTypes("client_credentials");
    }


    And,

    jhipster:
        security:
            client-authorization:
                client-id: internal
                client-secret: internal
    

    Means your authentication helper should be populated as follows:

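The token exchange described in both answers above (Basic-authenticated POST to /oauth/token, then Bearer calls to the API), as an added Python example that is not part of either answer or of JHipster itself. It builds the same `Authorization: Basic …` header the first answer derives by hand, supports both the "password" grant from the first answer and the "client_credentials" grant from the second, and parses the JSON token response. Assumptions: the server runs at http://localhost:8080, the token endpoint accepts form-encoded parameters in the POST body (the standard OAuth2 form, which Spring's token endpoint also binds) instead of the query string used in the first answer, and `SAMPLE_TOKEN_RESPONSE` is a constructed stand-in for a real server reply. Only `fetch_token` and `call_api` touch the network.

```python
"""Obtain and use an OAuth2 access token from a JHipster /oauth/token endpoint."""
import base64
import json
import urllib.parse
import urllib.request


def basic_auth_header(client_id: str, client_secret: str) -> str:
    """'Basic ' + base64(clientId + ':' + clientSecret), as the token endpoint expects."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def build_token_request(base_url, client_id, client_secret, grant_type, scope, **credentials):
    """Return (url, headers, body) for a POST to /oauth/token.

    'password' needs username= and password= in credentials; 'client_credentials'
    needs none. Parameters go in the form body rather than the query string so
    the user's password does not end up in access logs or proxy caches.
    """
    if grant_type == "password":
        missing = {"username", "password"} - set(credentials)
        if missing:
            raise ValueError(f"password grant requires {sorted(missing)}")
    elif grant_type == "client_credentials":
        credentials = {}
    else:
        raise ValueError(f"unsupported grant_type {grant_type!r}")
    params = {"grant_type": grant_type, "scope": scope, **credentials}
    headers = {
        "Authorization": basic_auth_header(client_id, client_secret),
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
    }
    body = urllib.parse.urlencode(params).encode("ascii")
    return base_url.rstrip("/") + "/oauth/token", headers, body


def parse_token_response(raw: bytes) -> dict:
    """Pull the token fields out of the JSON the endpoint returns; fail loudly on an error reply."""
    data = json.loads(raw.decode("utf-8"))
    if "access_token" not in data:
        raise ValueError(f"token endpoint returned no access_token: {data.get('error')!r}")
    keys = ("access_token", "token_type", "expires_in", "refresh_token", "scope")
    return {k: data[k] for k in keys if k in data}


def bearer_header(access_token: str) -> dict:
    """Header to attach to every API call once a token is in hand."""
    return {"Authorization": f"Bearer {access_token}"}


def fetch_token(base_url, client_id, client_secret, grant_type, scope, **credentials) -> dict:
    """Perform the token request over the network (assumed server; not run offline)."""
    url, headers, body = build_token_request(
        base_url, client_id, client_secret, grant_type, scope, **credentials)
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_token_response(resp.read())


def call_api(base_url, path, access_token):
    """GET a protected resource with the Bearer token (network; not run offline)."""
    req = urllib.request.Request(base_url.rstrip("/") + path, headers=bearer_header(access_token))
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read().decode("utf-8"))


# Constructed sample reply, shaped like the JSON a Spring Security OAuth token endpoint returns.
SAMPLE_TOKEN_RESPONSE = (
    b'{"access_token":"constructed-access-token","token_type":"bearer",'
    b'"refresh_token":"constructed-refresh-token","expires_in":1799,"scope":"read write"}'
)


if __name__ == "__main__":
    # Offline walk-through of what the live flow would send and receive.
    url, headers, body = build_token_request(
        "http://localhost:8080", "jhipsterapp", "mySecretOAuthSecret",
        "password", "read write", username="user", password="user")
    print("POST", url)
    print(headers["Authorization"])
    print(body.decode())
    token = parse_token_response(SAMPLE_TOKEN_RESPONSE)
    print(bearer_header(token["access_token"]))
    # Live use would be:
    #   token = fetch_token("http://localhost:8080", "jhipsterapp", "mySecretOAuthSecret",
    #                       "password", "read write", username="user", password="user")
    #   call_api("http://localhost:8080", "/api/account", token["access_token"])
```

For the second answer's `internal`/`internal` client, call `build_token_request(base, "internal", "internal", "client_credentials", "web-app")`; the only difference on the wire is the grant type and the absence of a username and password.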