REST per-client client credential settings not working

michele.tramonti.web · July 5, 2023, 3:14pm

Hello,
although this issue seems very simililar to another recent one (REST Authorization from Documentation is not working), it is different indeed.

I’m trying to implement per-client settings (I mean set several client_credentials grant with specific client-id and client-secret); to do so I’m following documentation at https://docs.jmix.io/jmix/rest/getting-started.html#obtaining-access-token.
To begin, I’ve simply copied and pasted the configuration properties

# The client id is my-client
spring.security.oauth2.authorizationserver.client.myclient.registration.client-id=my-client
# The client secret (password) is my-secret
spring.security.oauth2.authorizationserver.client.myclient.registration.client-secret={noop}my-secret
# Enable Client Credential grant for the my-client
spring.security.oauth2.authorizationserver.client.myclient.registration.authorization-grant-types=client_credentials
# Client credentials must be passed in the Authorization header using the HTTP Basic authentication scheme
spring.security.oauth2.authorizationserver.client.myclient.registration.client-authentication_methods=client_secret_basic
# Use opaque tokens instead of JWT
spring.security.oauth2.authorizationserver.client.myclient.token.access-token-format=reference

and similarly

# my-client is the client id we configured previously
jmix.authserver.client.myclient.client-id = my-client
jmix.authserver.client.myclient.resource-roles = rest-minimal

but trying from bash

curl -X POST http://localhost:8080/oauth2/token \
   --basic --user my-client:my-secret \
   -H "Content-Type: application/x-www-form-urlencoded" \
   -d "grant_type=client_credentials"

give me:

{
  "timestamp": "2023-07-05T14:46:35.235+00:00",
  "status": 401,
  "error": "Unauthorized",
  "path": "/oauth/token"
}

and a log in jmix application:

2023-07-05 16:46:22.552 DEBUG 57707 --- [nio-8081-exec-5] o.s.security.web.FilterChainProxy        : Securing POST /oauth/token
2023-07-05 16:46:22.554 DEBUG 57707 --- [nio-8081-exec-5] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to empty SecurityContext
2023-07-05 16:46:22.710 DEBUG 57707 --- [nio-8081-exec-5] o.s.s.a.dao.DaoAuthenticationProvider    : Failed to find user 'my-client'
2023-07-05 16:46:22.890  INFO 57707 --- [nio-8081-exec-5] i.j.core.impl.FetchPlanRepositoryImpl    : Initializing fetch plans
2023-07-05 16:46:23.038 DEBUG 57707 --- [nio-8081-exec-5] o.s.s.a.dao.DaoAuthenticationProvider    : Failed to find user 'my-client'
2023-07-05 16:46:23.043 DEBUG 57707 --- [nio-8081-exec-5] o.s.s.w.a.www.BasicAuthenticationFilter  : Failed to process authentication request

org.springframework.security.authentication.BadCredentialsException: Bad credentials
......

Am I missing something?

thank you

michele.tramonti.web · July 6, 2023, 10:24am

I finally understood the reason why:
I was unintentionally reading and following documentation of 2.0 version,
while my project version in 1.5.2

I suppose that for this version there is not a similar functionality