How to Use Client Credentials Flow with Spring Security

Learn how to use OAuth 2.0’s client credentials grant to communicate between apps secured by Spring Security.

Michal Basl

Hello, thanks for the great article, it seems to work as expected with one exception :frowning:
I’m receiving an error from the authority server because the Accept=application/json HTTP header is missing in the request.
Could it be customized somehow?

Javier Vazquez

Thank you for the post! Without doubt the best one about how to do OAuth2 properly with Spring, everything crystal water clear!
Regards,

srinivas kucherla

This is a great post! When I followed the steps, I am getting an error on this line. It’s expecting an authentication but a string is passed to principal. Could you please guide me on this?
OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId("okta")
    .principal("Demo Service")
    .build();

srinivas kucherla

Hi Andrew! Could you please share your thoughts on the above authorizeRequest? Any help or pointers would be a great help.

Thank you
Shree

Brian Demers

Hey @srinivaskucherla! Can you share the exact error message you are seeing?

Brian Demers

It looks like you changed the port to 11033 and added a callback route?
Are you mixing different examples together? In general, you should let the framework (Spring Security in this case) handle the callback.

Maybe we should take a step back and move this to the Okta Developer Forum? (if you start a thread, please add a link back here so anyone can follow along!)

srinivas kucherla

https://devforum.okta.com/t… I created a new topic. Also, my other question is: my localhost runs on port 11033. I have updated that in the application configuration in the Okta admin console. Is the port number an issue?

Brian Demers

The port number is less of an issue if you have everything configured. If you have trouble, though, I usually recommend getting things working as is, and then changing one thing at a time until you get to your end goal.

Paul Cannon

Hi Andrew, this was great, thanks for posting. One issue I’m having is that I have multiple clients and so require multiple OAuthClientConfiguration classes, but can only seem to define the one. Any thoughts on how this can be achieved, please?
Thanks!

Brian Demers

You should be able to define multiple ClientRegistration, each with a unique id. But you would only define the other beans like the ClientRegistrationRepository once.

Does that help?
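
The arrangement described in the reply above, as an added example that is not from the original post or its author: two client-credentials registrations with distinct ids in one ClientRegistrationRepository, and a token lookup by registration id. The second registration id `billing`, the `demo.*` property names and the `accessTokenFor` helper are assumptions made for illustration.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;
import org.springframework.security.oauth2.client.*;
import org.springframework.security.oauth2.client.registration.*;
import org.springframework.security.oauth2.core.AuthorizationGrantType;

@Configuration
public class OAuthClientConfiguration {

    // One client_credentials registration per downstream API. Each gets its own
    // client id, secret and scope, read from (hypothetical) demo.<id>.* properties
    // so that no secret is hard-coded and no client holds more scope than it needs.
    private static ClientRegistration registration(Environment env, String id) {
        String prefix = "demo." + id + ".";
        return ClientRegistration.withRegistrationId(id)
                .tokenUri(env.getRequiredProperty(prefix + "token-uri"))
                .clientId(env.getRequiredProperty(prefix + "client-id"))
                .clientSecret(env.getRequiredProperty(prefix + "client-secret"))
                .scope(env.getRequiredProperty(prefix + "scope"))
                .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
                .build();
    }

    // Defined once; it holds every registration, keyed by its unique id.
    @Bean
    ClientRegistrationRepository clientRegistrationRepository(Environment env) {
        return new InMemoryClientRegistrationRepository(
                registration(env, "okta"), registration(env, "billing"));
    }

    // Also defined once; it works outside of an HTTP request (service-to-service).
    @Bean
    OAuth2AuthorizedClientManager authorizedClientManager(ClientRegistrationRepository repo) {
        AuthorizedClientServiceOAuth2AuthorizedClientManager manager =
                new AuthorizedClientServiceOAuth2AuthorizedClientManager(
                        repo, new InMemoryOAuth2AuthorizedClientService(repo));
        manager.setAuthorizedClientProvider(
                OAuth2AuthorizedClientProviderBuilder.builder().clientCredentials().build());
        return manager;
    }

    // Hypothetical helper: selects the client by registration id and returns its token.
    static String accessTokenFor(OAuth2AuthorizedClientManager manager, String registrationId) {
        OAuth2AuthorizedClient client = manager.authorize(OAuth2AuthorizeRequest
                .withClientRegistrationId(registrationId).principal("Demo Service").build());
        if (client == null) {
            throw new IllegalStateException("No token obtained for " + registrationId);
        }
        return client.getAccessToken().getTokenValue();
    }
}
```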

Hi,
Can we add clients dynamically after the service starts? If so, how can we resolve the clients? Use case: let’s say a customer is entering the IDP information configuration in a form. We want to make sure the entered values are actually valid values and working. So we want to create a temp client, add it to ClientRegistrationRepository, and test it. If the test is successful, then we can allow the user to save the auth config values. Any thoughts on this would be a great help.

Thank you
Shree