Trying to use grails-spring-security-oauth2-provider in Grails 2.2.4. The authorize flow is working but when re-submitting the code in order to get a token (via /myapp/oauth/token) I was expecting ClientCredentialsTokenEndpointFilter to authenticate the POST request but it does not. I see it in the filter chain.
Also, will it use the id/secret from my defined client in Config.groovy? It seems like it will try my DaoAuthenticationProvider first and fail and go straight to the exception filter (and redirect to login endpoint).
DEBUG web.FilterChainProxy - /oauth/token at position 5 of 11 in additional filter chain; firing Filter: 'RequestHolderAuthenticationFilter'
DEBUG web.FilterChainProxy - /oauth/token at position 6 of 11 in additional filter chain; firing Filter: 'ClientCredentialsTokenEndpointFilter'
DEBUG web.FilterChainProxy - /oauth/token at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
My config:
oauthProvider {
    clients = [
        [
            clientId:"test",
            clientSecret:"testSecret",
            authorizedGrantTypes:["authorization_code"],
            registeredRedirectUri:["http://myapp/other/"]
        ]
    ]
    providerNames = [
        'samlAuthenticationProvider',
        'daoAuthenticationProvider',
        'anonymousAuthenticationProvider',
        'rememberMeAuthenticationProvider',
        'clientCredentialsAuthenticationProvider']
    ...
    '/oauth/authorize.dispatch':['IS_AUTHENTICATED_REMEMBERED'],
    '/oauth/token.dispatch':['IS_AUTHENTICATED_REMEMBERED'],
URL posted:
http://localhost:8080/myapp/oauth/token
grant_type=authorization_code
client_id=test
client_secret=testSecret
code=<the code I got from authorization>
redirect_uri=http:localhost:8080//myapp/other"
Is the redirect URI the same in all your requests?
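
The check the reply asks about, as an added example that is not part of the original thread: RFC 6749 section 4.1.3 requires the redirect_uri in the token request to be identical to the one sent in the authorization request (when one was sent there), so this Python helper splits two values and reports which components differ. REGISTERED and TOKEN_POSTED are copied from the post; AUTHORIZE_SAMPLE is a constructed value, because the post does not show the authorize request, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Values copied from the post above.
REGISTERED = "http://myapp/other/"                  # registeredRedirectUri in the config
TOKEN_POSTED = 'http:localhost:8080//myapp/other"'  # redirect_uri in the token POST, as written
# Constructed sample: the post does not show the authorize request's redirect_uri.
AUTHORIZE_SAMPLE = "http://localhost:8080/myapp/other"


def parts(uri):
    """Split a redirect_uri into the components worth comparing."""
    p = urlsplit(uri)
    try:
        port = p.port
    except ValueError:  # non-numeric or out-of-range port
        port = "invalid"
    return {"scheme": p.scheme, "host": p.hostname, "port": port,
            "path": p.path, "query": p.query}


def mismatches(expected, actual):
    """Return {component: (expected, actual)} for each difference.

    An empty dict means the two strings are identical, which is what
    RFC 6749 section 4.1.3 requires between the authorize and token requests.
    """
    if expected == actual:
        return {}
    e, a = parts(expected), parts(actual)
    diff = {k: (e[k], a[k]) for k in e if e[k] != a[k]}
    # Same components but different raw text (letter case, fragment, encoding).
    return diff or {"raw": (expected, actual)}


def report(label, expected, actual):
    """Format the differences as one line per mismatching component."""
    diff = mismatches(expected, actual)
    lines = ["%s: %s" % (label, "MISMATCH" if diff else "identical")]
    lines += ["  %-6s expected=%r actual=%r" % (k, e, a)
              for k, (e, a) in diff.items()]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report("authorize vs token", AUTHORIZE_SAMPLE, TOKEN_POSTED))
    print(report("registered vs token", REGISTERED, TOKEN_POSTED))
```

Run against the values actually sent in both requests, an empty result from `mismatches` means the redirect URI can be ruled out as the cause.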