Why i am getting unauthorized 401 error in Spring Oauth2 while accessing token?

Question

Hi I am implementing Spring Oauth 2 framework in my project, i am getting 401 unauthorized error when requesting for access token, below is my code.

public class Test {


    public static void main(String[] args) {

        RestTemplate restTemplate=new RestTemplate();
        Map<String, String> map=new HashMap<String, String>();
        map.put("grant_type", "password");
        map.put("client_id", "test");
        map.put("client_secret", "test");
        map.put("username", "test");
        map.put("password", "test");
        String url="http://localhost:8080/SpringOauthServer/oauth/token?grant_type={grant_type}&client_id={client_id}&client_secret={client_secret}&username={username}&password={password}";

        OauthToken result=restTemplate.getForObject(url, OauthToken.class,map);     
        System.out.println(result.getAccess_token());
    }


}

but when i use below curl command i get the access token. please help me where i am mistaking..

curl test:test@localhost:8080/SpringOauthServer/oauth/token -d grant_type=password -d client_id=test -d client_secret=test -d username=test   -d password=test

Response:

{
   "access_token":"d83a312b-323a-40a9-bfc4-c431c40f2ca8",
   "token_type":"bearer",
   "refresh_token":"17976f94-f3b7-4e2d-8726-3d094f7b1061",
   "expires_in":43190,
   "scope":"read write trust"
}

Answer 1

I know this is an old thread but Just if some one stucked with RestTemplate and OAuth2 (ex. for integration tests) this how it should work.

Fetching OAuth2 access_token using RestTemplate

In the above question the grant_type=password it means that you need to send the client_id and secret in authorization http header as basic authontication and the rest of the information for your request goes to the http request body as form data.

Reusing the example in the question:

public class Test {
    public static void main(String[] args) {
        RestTemplate restTemplate = new RestTemplate();

        // Add the basic authentication "username:password"
        HttpHeaders headers = new HttpHeaders();
        headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);

        // Adding form data
        Map<String, String> map = new HashMap<String, String>();
        map.put("grant_type", "password");
        map.put("client_id", "test");
        map.put("username", "test");
        map.put("password", "test");
        map.put("scope", "read,write,trust");

        // Creating HttpEntity request with the headers and form data
        HttpEntity<MultiValueMap<String, String>> request = new HttpEntity<>(map, headers);

        String url="http://localhost:8080/SpringOauthServer/oauth/token";

        // Execute the request
        ResponseEntity<String> response = 
            restTemplate
                .withBasicAuth("test", "test")
                .postForEntity(
                    url,
                    request,
                    OauthToken.class
                );

        System.out.println(result.getAccess_token());
    }
}

What Went wrong in the question:

The curl used in the question function completely different than the java code provided.

I will tear it down and don't foget to check the documentation here

1. curl test:test calling curl using basic authentication with test as username and test as password (format {USERNAME}:{PASSWORD}), which we did the same in our RestTemplate and it was missing in the question java code.

2. localhost:8080/SpringOauthServer/oauth/token the url used in the curl command is without any url parameters which we did the same in our RestTemplate but it was added in the question and this is wrong.

3. -d grant_type=password -d client_id=test -d client_secret=test -d username=test -d password=test marking parameters with -d will make curl execute http POST request and send these parameters as form data in the http body which we did the same in our RestTemplate and it was missing in the question java code.