
Improve documentation #6

petersaints opened this Issue · 9 comments

3 participants


I was able to get an access token from the application. I had to change a few things when compared to the documentation.
NOTE: My application is running on http://localhost/oauth2 instead of http://localhost/app

After the user grants access to the application I get a code:

But then the documentation is wrong. You say to do this:

But two parameters are missing. Namely:

So it should be something like this:

This will in fact get me an authorization code, by redirecting me to http://localhost:8080/oauth2/#access_token=ffceafc1-70b9-465b-9244-f261a9d35f16&token_type=bearer&expires_in=43200

The problem is that you have on the documentation the following:
"This will then give a token to the client that can be used to access the application as the user (an example needs to go here)."

From what I could gather you're supposed to send the token in the HTTP request header. So I tried this with curl:
curl -H "Authorization: OAuth ffceafc1-70b9-465b-9244-f261a9d35f16" http://localhost:8080/oauth2/
EDIT: It's Authorization: bearer instead of OAuth. See my response below.

But it doesn't automatically log me in. If I access the front page I get user not logged in, and if I try to access a Secured action in a controller I'm redirected to login. What am I doing wrong? Could you please make this part of the README documentation better?

Thanks in advance


Answering myself. It's supposed to be bearer instead of OAuth in the header:
curl -H "Authorization: bearer ffceafc1-70b9-465b-9244-f261a9d35f16" http://localhost:8080/oauth2/

But I'm still wondering how am I supposed to get a refresh token? Do I need to make a separate request? If so, how?
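
The header construction discussed in the two comments above, as an added example that is not part of the original thread or the plugin's code. The helper names `fragment_param` and `bearer_header` are hypothetical; the sample input is the redirect URL quoted in the issue.

```shell
#!/bin/sh
# Added example: derive the Authorization header from an implicit-grant redirect URL.

# Sample input: the redirect URL quoted in the issue (local test token).
REDIRECT_URL='http://localhost:8080/oauth2/#access_token=ffceafc1-70b9-465b-9244-f261a9d35f16&token_type=bearer&expires_in=43200'

# fragment_param URL NAME: print the value of NAME from the URL fragment.
fragment_param() {
  local url="$1" name="$2" rest pair
  case $url in
    *'#'*) rest=${url#*'#'} ;;
    *) return 1 ;;                      # no fragment: not an implicit-grant response
  esac
  while [ -n "$rest" ]; do
    pair=${rest%%&*}
    if [ "${pair%%=*}" = "$name" ]; then
      printf '%s\n' "${pair#*=}"
      return 0
    fi
    case $rest in
      *'&'*) rest=${rest#*&} ;;
      *) rest= ;;
    esac
  done
  return 1
}

# bearer_header URL: print "Authorization: Bearer <token>" or fail.
bearer_header() {
  local url="$1" token type
  token=$(fragment_param "$url" access_token) || return 1
  type=$(fragment_param "$url" token_type) || return 1
  # token_type is case-insensitive (RFC 6749), as is the HTTP auth scheme
  # (RFC 7235), so "bearer" and "Bearer" are the same scheme; "OAuth" is not.
  case $(printf '%s' "$type" | tr '[:upper:]' '[:lower:]') in
    bearer) ;;
    *) return 2 ;;
  esac
  # Accept only the RFC 6750 b64token alphabet so a crafted value
  # cannot smuggle extra header lines into the request.
  case $token in
    ''|*[!A-Za-z0-9._~+/=-]*) return 3 ;;
  esac
  printf 'Authorization: Bearer %s\n' "$token"
}

bearer_header "$REDIRECT_URL"
# Usage: curl -H "$(bearer_header "$REDIRECT_URL")" http://localhost:8080/oauth2/
```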

@petersaints petersaints closed this
@petersaints petersaints reopened this

@petersaints, I made some changes to the docs a little while ago, could you please check it out and let me know if there are still problems? I've tested the flows documented. I think the token based auth is quite different from the authorization code auth I've documented. I'm very interested in how it works, however, so any pointers/pull requests would really help.


Hi guys,
I am also facing the same issue.

As per the documentation, I set up the OAuth2 provider.
I am able to work with the implicit and client credentials flows, but I am having trouble with the authorization_code flow.

The doc says to make a call to
1) http://localhost:8080/app/oauth/authorize?response_type=code&client_id=clientId&redirect_uri=http://localhost:8080/app/

This works for me and redirects me to a page for authorization and then redirects me to the URL with the code.

But when I use this code and formulate a URL and try running it

it gives me an exception

When I had a look inside the code, I found the highlighted condition to be false:

    protected String getClientId(Principal principal) {
        Authentication client = (Authentication) principal;
        if (!client.isAuthenticated()) {
            throw new InsufficientAuthenticationException("The client is not authenticated.");
        }
        String clientId = client.getName();
        if (client instanceof OAuth2Authentication) {
            // Might be a client and user combined authentication
            clientId = ((OAuth2Authentication) client).getAuthorizationRequest().getClientId();
        }
        return clientId;
    }

and hence it was taking the userid as client id and trying to search that inside the clientdetails service and failing.

Is there anything that I am missing? My config is the same as what is given in the documentation and I am using Grails 2.3.4.

Thanks a lot.


@gauravlanjekar, what version of the plugin are you using?


@bluesliverx spring-security-oauth2-provider:


I'll have to check this out further then, and it may be a while as I'm quite busy with other things in life. Feel free to submit a pull request if you figure out what is lacking in the docs.


@bluesliverx Hi, I tested it out with the examples and everything seems to be working fine.


Is there any documentation on how to use oauth2 expressions in the plugin, like #oauth2.hasScope('read')?


Nope, feel free to create another issue with that request, although I probably won't be able to get to it anytime soon.
