Tags: spring-security, spring-boot, stormpath

Encountered Expected CSRF token not found error while testing Stormpath


I am following the example of Stormpath here: http://docs.stormpath.com/java/spring-boot-web/http-request-authentication.html

So far everything else has been working.

But when I try to issue the command:

curl -X POST --data 'grant_type=password&username=ACCOUNT_USERNAME&password=ACCOUNT_PASSWORD' \
     -H 'Origin: http://localhost:8080' http://localhost:8080/oauth/token

I get this error:

<body>
<div class="container-fluid">
    <div class="row">
        <div class="box col-md-6 col-md-offset-3">
            <div class="stormpath-header">
                <img src="https://stormpath.com/images/template/logo-nav.png" />
            </div>
            <div class="logo">
                <h1>403</h1>
            </div>
            <p class="lead text-muted">Expected CSRF token not found. Has your session expired?</p>
            <a href="/" class="btn btn-primary">Go Home</a>
        </div>
    </div>
</div>
</body>

Any clues on how to solve this?


Solution

  • Which Stormpath Spring Boot Starter are you using?

    stormpath-default-spring-boot-starter (and others) include Spring Security.

    At this moment, Spring Security and /oauth/token are incompatible with the Stormpath integration.

    Good News! We are literally releasing the new Token Management integration this week. It will be release 1.0.RC8.3. You can track its status here. It integrates perfectly up through the Spring stack, including Spring Security. It also provides both access and refresh tokens and supports exchanging refresh tokens for new access tokens.

    If you want the /oauth/token endpoint to work in advance of this release, you can either use a different Stormpath Starter or you can disable Spring Security.

    For the first approach, you can use the stormpath-spring-boot-starter.

    For the second approach, add the following lines to your application.properties file:

    stormpath.spring.security.enabled = false
    security.basic.enabled = false
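The answer's second workaround switches off Spring Security for the whole application (and Spring Boot's basic auth with it), which removes protection from every endpoint just to get one working. As an added example that is not part of the answer or of Stormpath's own code: in a Spring Boot application using Spring Security 4.x directly, the narrower change is to exempt only the token endpoint from the CSRF filter. A POST to /oauth/token is authenticated by the credentials carried in the request body, not by a session cookie, so a cross-site form post gains nothing there and the "Expected CSRF token not found" rejection in the question is pure cost. The class name and the path pattern are illustrative assumptions, and as the answer states, the Stormpath starters before 1.0.RC8.3 do not serve /oauth/token under Spring Security anyway; this shows only the Spring Security side of the problem.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Illustrative configuration, not Stormpath's: keeps CSRF protection for the
// browser-facing routes and exempts only the password-grant token endpoint.
@Configuration
public class TokenEndpointCsrfConfig extends WebSecurityConfigurerAdapter {

    // Assumed path of the token endpoint; matches the curl command in the question.
    private static final String TOKEN_ENDPOINT = "/oauth/token";

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf()
                // The token endpoint authenticates with grant_type/username/password in the
                // body rather than a session cookie, so CSRF protection buys nothing there.
                // Every other state-changing request still needs the CSRF token.
                .ignoringAntMatchers(TOKEN_ENDPOINT)
            .and()
            .authorizeRequests()
                // Anonymous clients must be able to reach the endpoint to exchange credentials
                // for a token; the endpoint itself verifies those credentials.
                .antMatchers(TOKEN_ENDPOINT).permitAll()
                // Everything else stays behind authentication, unlike the
                // "disable Spring Security" workaround which removes it globally.
                .anyRequest().authenticated();
    }
}
```

With this in place the curl command from the question passes the CSRF filter without a token, while a cross-site POST to any other route is still rejected with the same 403. Disabling the Stormpath Spring Security integration (the properties shown above) is still required on the pre-RC8.3 starters if the endpoint is served by Stormpath's filter, so treat this as the general Spring Security pattern rather than a drop-in fix for that version.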