-
when generating the
Authorization: Basic
value, I did something like this:$ echo "client-id:client-secret" | base64
... forgetting that
echo
adds the new-line. Resulting value will fail to match:{ "timestamp":1512600410517, "status":401, "error":"Unauthorized", "message":"Bad credentials", "path":"/oauth/token" }
-
Even though https://tools.ietf.org/html/rfc6749#section-4.4.2 says that "scope" is optional, seems like Spring Security's OAuth2 complains when it's not present:
{ "error":"invalid_scope", "error_description":"Empty scope (either the client or the user is not allowed the requested scopes)" }
The short-term fix is to ensure a scope is set for the client:
application.properties
... security.oauth2.client.scope=default ...
This worked:
$ export BASIC_AUTH_CREDS=$( echo -n "client_id:client_secret" | base64 )
$ curl -H "Content-Type: application/x-www-form-urlencoded" \
-H "Authorization: Basic $BASIC_AUTH_CREDS" \
-X POST \
-d 'grant_type=client_credentials' \
http://localhost:8080/oauth/token