Now I am using the following configuration:
    @Configuration
    @EnableAuthorizationServer
    @EnableGlobalMethodSecurity(prePostEnabled = true)
    public class OAuth2Config extends AuthorizationServerConfigurerAdapter {
        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            clients.jdbc(mAppConfig.dataSource())
                    .withClient("virto")
                    .secret("secret")
                    .authorizedGrantTypes("password", "authorization_code", "refresh_token");
        }
    }
It requires sending client_id, client_secret, username, password... But I need to provide access_token for my trusted servers that have client_id and client_secret only... How can I make it? Is it possible?
What you need is to configure a client with the client_credentials grant:
    @Configuration
    @EnableAuthorizationServer
    @EnableGlobalMethodSecurity(prePostEnabled = true)
    public class OAuth2Config extends AuthorizationServerConfigurerAdapter {
        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            clients.jdbc(mAppConfig.dataSource())
                    .withClient("virto")
                    .secret("secret")
                    // client_credentials: the token is issued to the client itself,
                    // so no username/password is sent with the request
                    .authorizedGrantTypes("client_credentials");
        }
    }
To get a token, you send a POST request with the credentials Base64-encoded.

    curl -X POST 'http://localhost:8080/paymentiq/oauth/token?grant_type=client_credentials' -H 'Authorization: Basic [base64 of clientId:secret]'
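The client side of the token request described in the answer, as an added example that is not part of the original answer. The function names are hypothetical; the client id, secret and URL are the ones shown on this page, and sending grant_type in the form body instead of the query string is a choice made here.

```shell
#!/bin/sh
# Added example: client side of the client_credentials token request.
# virto / secret / the token URL are the values used on this page;
# the function names are hypothetical.

# Build the HTTP Basic header for client_id:client_secret.
# printf '%s' avoids the trailing newline that echo would fold into the
# encoded secret; tr removes the line wrapping base64 applies to long input.
basic_auth_header() {
    client_id=$1
    client_secret=$2
    encoded=$(printf '%s:%s' "$client_id" "$client_secret" | base64 | tr -d '\n')
    printf 'Authorization: Basic %s\n' "$encoded"
}

# Request a token. The header is handed to curl through a config read from
# stdin (-K -), so the encoded secret does not show up in the process list.
# grant_type is sent in the form body, as RFC 6749 section 4.4.2 specifies.
request_client_token() {
    token_url=$1
    printf 'header = "%s"\n' "$(basic_auth_header "$2" "$3")" |
        curl --silent --show-error --fail -K - \
             --data 'grant_type=client_credentials' "$token_url"
}

# Usage (needs the authorization server running):
#   request_client_token http://localhost:8080/paymentiq/oauth/token virto secret
```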