Spring-security-oauth: Get missing grant type error when passing login parameter with -d option in curl

Created on 30 Aug 2015  路  7Comments  路  Source: spring-projects/spring-security-oauth

I get following error {"error":"invalid_request","error_description":"Missing grant type"}

curl -v -X POST -H "Content-Type: application/json" -H "Authorization: Basic MzUzYjMwMmM0NDU3NGY1NjUwNDU2ODdlNTM0ZTdkNmE6Mjg2OTI0Njk3ZTYxNWE2NzJhNjQ2YTQ5MzU0NTY0NmM=" -d '{"username"="[email protected]","password"="password", "grant_type"="password"}' 'http://localhost:8080/oauth/token'

When i enable debug, i have noticed the parameter variable is always empty if post the data in above format. But it works if i do it as below.

curl -v -X POST \
-H "Content-Type: application/json" \
-H "Authorization: Basic MzUzYjMwMmM0NDU3NGY1NjUwNDU2ODdlNTM0ZTdkNmE6Mjg2OTI0Njk3ZTYxNWE2NzJhNjQ2YTQ5MzU0NTY0NmM=" \
'http://localhost:8080/oauth/token?[email protected]&password=password&grant_type=password'

I'm wondering if i'm doing something wrong?

@RequestMapping(value = "/oauth/token", method=RequestMethod.POST)
public ResponseEntity<OAuth2AccessToken> postAccessToken(Principal principal, @RequestParam
Map<String, String> parameters) throws HttpRequestMethodNotSupportedException {

    if (!(principal instanceof Authentication)) {
        throw new InsufficientAuthenticationException(
                "There is no client authentication. Try adding an appropriate authentication filter.");
    }

    String clientId = getClientId(principal);
    ClientDetails authenticatedClient = getClientDetailsService().loadClientByClientId(clientId);

    TokenRequest tokenRequest = getOAuth2RequestFactory().createTokenRequest(parameters, authenticatedClient);

    if (clientId != null && !clientId.equals("")) {
        // Only validate the client details if a client authenticated during this
        // request.
        if (!clientId.equals(tokenRequest.getClientId())) {
            // double check to make sure that the client ID in the token request is the same as that in the
            // authenticated client
            throw new InvalidClientException("Given client ID does not match authenticated client");
        }
    }
    if (authenticatedClient != null) {
        oAuth2RequestValidator.validateScope(tokenRequest, authenticatedClient);
    }
    if (!StringUtils.hasText(tokenRequest.getGrantType())) {
        throw new InvalidRequestException("Missing grant type");
    }
    if (tokenRequest.getGrantType().equals("implicit")) {
        throw new InvalidGrantException("Implicit grant type not supported from token endpoint");
    }

    if (isAuthCodeRequest(parameters)) {
        // The scope was requested or determined during the authorization step
        if (!tokenRequest.getScope().isEmpty()) {
            logger.debug("Clearing scope of incoming token request");
            tokenRequest.setScope(Collections.<String> emptySet());
        }
    }

    if (isRefreshTokenRequest(parameters)) {
        // A refresh token has its own default scopes, so we should ignore any added by the factory here.
        tokenRequest.setScope(OAuth2Utils.parseParameterList(parameters.get(OAuth2Utils.SCOPE)));
    }

    OAuth2AccessToken token = getTokenGranter().grant(tokenRequest.getGrantType(), tokenRequest);
    if (token == null) {
        throw new UnsupportedGrantTypeException("Unsupported grant type: " + tokenRequest.getGrantType());
    }

    return getResponse(token);

}
stackoverflow

Most helpful comment

Hi @thtesche do you have any explanation on why changing computer this works?
I am having your same issue on my linuxMint impossible to make it work with -d option.

All 7 comments

No, that's the expected behaviour. The credentials have to be form-encoded (by default at least).

@dsyer We're wondering whether /oauth/token?[email protected]&password=password&grant_type=password is a valid oauth2 request

according to https://tools.ietf.org/html/rfc6749#page-39

4.3.2. Access Token Request
The client makes a request to the token endpoint by adding the
following parameters using the "application/x-www-form-urlencoded"
format per Appendix B with a character encoding of UTF-8 in the HTTP
request entity-body
: ....

Is there any chance that you/we could replace RequestParam to RequestBody in org.springframework.security.oauth2.provider.endpoint.TokenEndpoint?

I think there's a misunderstanding. By default you need to send the credentials in the request body per the spec. Did you try it and it didn't work? What's the problem exactly?

Yes, we tried it and it didn't worked on a certain machine. After re-checking on another computer the request is processed as expected. So there is no error in your implementation. Sorry for the noise.

Hi @thtesche do you have any explanation on why changing computer this works?
I am having your same issue on my linuxMint impossible to make it work with -d option.

No, that's the expected behaviour. The credentials have to be form-encoded (by default at least).

Thanks you very much.

Closing this as questions are better suited on Stack Overflow. We prefer to use GitHub issues for bugs and enhancements.

Was this page helpful?
0 / 5 - 0 ratings