Hello. I am trying to set up a simple authentication scheme for a REST API. The idea is to have two endpoints, one of them accessible to an admin and the other one accessible to a user. I am using Spring Boot. Below is my security configuration.
    http.authorizeRequests()
        .anyRequest().authenticated()
        .and()
        .oauth2ResourceServer().jwt();
    http.cors();
With this config I have to add a Bearer token to the requests calling the endpoints in order to get a valid answer. The token I have been using is obtained by calling the endpoint
oauth2/default/v1/token
I call the endpoint from Postman using basic auth, with the client ID and client secret.
I use grant_type client_credentials and scope custom as the body of the request.
The problem is that I can’t get different tokens for admin and user. When I try calling the same endpoint using the user’s password and username I get
    {
        "errorCode": "invalid_client",
        "errorSummary": "Invalid value for 'client_id' parameter.",
        "errorLink": "invalid_client",
        "errorId": "oaeamcYjURURC-YXWyt7Xhq0A",
        "errorCauses": []
    }
Is there a way to get tokens for admins and users? I have already created the groups in my developer account and recently added a claim, but I am missing the link between the claim and the actual token someone gets.
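
An added example, not part of the original post: one way a Spring Security resource server can turn a group claim in the JWT into authorities and restrict each endpoint accordingly. The claim name `groups`, the group names `Admin` and `User`, the paths `/admin/**` and `/user/**`, and the class name are assumptions; substitute the claim actually configured on the authorization server.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;

// Hypothetical configuration class; extends the question's snippet with per-path rules.
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                // Assumed paths and group names, most specific rules first.
                .antMatchers("/admin/**").hasAuthority("Admin")
                .antMatchers("/user/**").hasAnyAuthority("User", "Admin")
                // Everything else still requires a valid token.
                .anyRequest().authenticated()
            .and()
            .oauth2ResourceServer().jwt()
                // Replace the default scope-based mapping with the group claim.
                .jwtAuthenticationConverter(groupsConverter());
        http.cors();
    }

    // Reads the assumed "groups" claim and exposes each entry as an authority.
    // A token without that claim gets no authorities, so the two protected
    // paths answer 403 instead of falling open.
    private JwtAuthenticationConverter groupsConverter() {
        JwtGrantedAuthoritiesConverter authorities = new JwtGrantedAuthoritiesConverter();
        authorities.setAuthoritiesClaimName("groups"); // assumed claim name
        authorities.setAuthorityPrefix("");            // use group names as-is

        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        converter.setJwtGrantedAuthoritiesConverter(authorities);
        return converter;
    }
}
```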