OAuth Client Credentials Grant


Martin Schalck

Sep 5, 2017, 8:03:32 AM
to CAS Community

Hi All,

I'm trying to configure CAS for Client Credentials Grant flow. I'm using version 5.2.0-RC2.

When I try to get an access token using the /oauth2.0/authorize endpoint, I instead
get redirected to the login page. Am I assuming wrong or am I missing some configuration?

The CasOAuthConfiguration creates a SecurityInterceptor with a CasOAuthClient.
This is not a Direct type client and I wonder why it is so.

Can anyone give me a hint or examples of doing Client Credentials Grant flows? I'm at my
wits' end.

The request looks like this:

/oauth2.0/authorize?grant_type=client_credentials&client_id=foo&secret=bar

I have added the following service registration in JSON:

{
  "@class": "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
  "clientId": "foo",
  "clientSecret": "bar",
  "bypassApprovalPrompt": false,
  "serviceId": "foo",
  "name": "Foo",
  "description": "A foo service",
  "id": 2000,
  "evaluationOrder": 2000,
  "attributeReleasePolicy": {
    "@class": "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
  }
}

I have added the following dependencies in pom.xml:

<dependency>
  <groupId>org.apereo.cas</groupId>
  <artifactId>cas-server-support-oauth-webflow</artifactId>
  <version>${cas.version}</version>
</dependency>
<dependency>
  <groupId>org.apereo.cas</groupId>
  <artifactId>cas-server-support-json-service-registry</artifactId>
  <version>${cas.version}</version>
</dependency>
<dependency>
  <groupId>org.apereo.cas</groupId>
  <artifactId>cas-server-support-token-webflow</artifactId>
  <version>${cas.version}</version>
</dependency>


Br

Martin

Martin Schalck

Sep 6, 2017, 5:06:08 AM
to CAS Community
Additional information

When reading the spec for Client Credentials Grant it seems like an instance of DirectClient is needed (e.g. DirectCasClient).
But when running with the above config I get a CasClient that extends IndirectClient.

Is this really the correct behavior or is it a bug?

Br
Martin

Agustin Gregorio Moyano

Feb 22, 2018, 11:43:58 AM
to CAS Community
Hi Martin, if you read the documentation you should use 

/oauth2.0/accessToken 

endpoint, not the authorization one.

Hope it helps.

Agustín.
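
A sketch of the token request the reply above points to, added here as an example and not taken from the thread or from CAS itself: it builds a client credentials request per RFC 6749 section 4.4 with the secret in the Authorization header or POST body instead of the URL, and parses the response. Assumptions: the host cas.example.org is a placeholder, the parameter names client_id and client_secret are the RFC's, the server is assumed to accept HTTP Basic or form credentials on /oauth2.0/accessToken, and the form-encoded response fallback is an assumption about what a server may return.

```python
import base64
import json
import urllib.parse
import urllib.request


def build_token_request(base_url, client_id, client_secret, use_basic=True):
    """Build (not send) a client_credentials token request (RFC 6749 section 4.4).

    Credentials travel in the Authorization header or the POST body, never in
    the URL, where they would end up in access logs and proxy logs.
    """
    form = {"grant_type": "client_credentials"}
    headers = {"Content-Type": "application/x-www-form-urlencoded",
               "Accept": "application/json"}
    if use_basic:
        # RFC 6749 section 2.3.1: form-encode id and secret, then Basic-encode.
        pair = "{}:{}".format(urllib.parse.quote_plus(client_id),
                              urllib.parse.quote_plus(client_secret))
        headers["Authorization"] = "Basic " + base64.b64encode(pair.encode()).decode()
    else:
        form.update(client_id=client_id, client_secret=client_secret)
    return urllib.request.Request(
        base_url.rstrip("/") + "/oauth2.0/accessToken",
        data=urllib.parse.urlencode(form).encode(),
        headers=headers, method="POST")


def parse_token_response(body):
    """Accept a JSON body (RFC 6749 section 5.1) or a form-encoded one (assumed fallback)."""
    text = body.decode() if isinstance(body, bytes) else body
    try:
        fields = json.loads(text)
    except ValueError:
        fields = {k: v[0] for k, v in urllib.parse.parse_qs(text).items()}
    if not isinstance(fields, dict) or not fields.get("access_token"):
        raise ValueError("no access_token in token response")
    return fields["access_token"], int(fields.get("expires_in", 0))


if __name__ == "__main__":
    # Constructed values: the host is a placeholder, foo/bar come from the thread.
    req = build_token_request("https://cas.example.org/cas", "foo", "bar")
    print(req.get_method(), req.full_url)
    # To send: urllib.request.urlopen(req, timeout=10).read()
```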