Improve documentation #6

petersaints opened this Issue Nov 4, 2012 · 9 comments


I was able to get an access token from the application. I had to change a few things when compared to the documentation.
NOTE: My application is running on http://localhost/oauth2 instead of http://localhost/app

After the user grants access to the application I get a code:

But then the documentation is wrong. You say to do this:

But two parameters are missing. Namely:

So it should be something like this:

This will in fact get me an authorization code, by redirecting me to http://localhost:8080/oauth2/#access_token=ffceafc1-70b9-465b-9244-f261a9d35f16&token_type=bearer&expires_in=43200

The problem is that you have the following in the documentation:
"This will then give a token to the client that can be used to access the application as the user (an example needs to go here)."

From what I could gather you're supposed to send the token in the HTTP request header. So I tried this with curl:
curl -H "Authorization: OAuth ffceafc1-70b9-465b-9244-f261a9d35f16" http://localhost:8080/oauth2/
EDIT: It's Authorization: bearer instead of OAuth. See my response below.

But it doesn't automatically log me in. If I access the front page I get user not logged in, and if I try to access a Secured action in a controller I'm redirected to login. What am I doing wrong? Could you please make this part of the README documentation better?

Thanks in advance

Answering myself. It's supposed to be bearer instead of OAuth in the header:
curl -H "Authorization: bearer ffceafc1-70b9-465b-9244-f261a9d35f16" http://localhost:8080/oauth2/

But I'm still wondering how am I supposed to get a refresh token? Do I need to make a separate request? If so, how?
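
The header scheme that tripped up the first attempt is stated in the redirect itself as `token_type`. As an added example that is not part of the original thread or the plugin's code, the following Node.js sketch parses the redirect fragment quoted above and builds the `Authorization` header from it; the helper names `parseImplicitRedirect` and `authorizationHeader` are hypothetical.

```javascript
'use strict';

// Constructed sample: the redirect URL quoted in the issue above.
const SAMPLE_REDIRECT =
  'http://localhost:8080/oauth2/#access_token=ffceafc1-70b9-465b-9244-f261a9d35f16' +
  '&token_type=bearer&expires_in=43200';

// Hypothetical helper (not part of the plugin): read the token fields out of
// the redirect fragment, where the implicit grant delivers them.
function parseImplicitRedirect(redirectUrl, nowMs = Date.now()) {
  const fragment = new URL(redirectUrl).hash.replace(/^#/, '');
  const params = new URLSearchParams(fragment);
  if (params.has('error')) {
    throw new Error('authorization failed: ' + params.get('error'));
  }
  const accessToken = params.get('access_token');
  const tokenType = params.get('token_type');
  if (!accessToken || !tokenType) {
    throw new Error('redirect fragment has no access_token/token_type');
  }
  const expiresIn = Number(params.get('expires_in'));
  const expiresAt = Number.isFinite(expiresIn) && expiresIn > 0
    ? nowMs + expiresIn * 1000 : null; // null: server gave no lifetime
  return { accessToken, tokenType, expiresAt };
}

// Hypothetical helper: choose the Authorization scheme from token_type rather
// than hard-coding one, and refuse to send a token that has already expired.
function authorizationHeader(token, nowMs = Date.now()) {
  if (token.tokenType.toLowerCase() !== 'bearer') {
    throw new Error('unsupported token_type: ' + token.tokenType);
  }
  if (token.expiresAt !== null && nowMs >= token.expiresAt) {
    throw new Error('access token expired');
  }
  // HTTP auth scheme names are case-insensitive; "Bearer" is the RFC 6750 spelling.
  return 'Bearer ' + token.accessToken;
}

const token = parseImplicitRedirect(SAMPLE_REDIRECT);
console.log('Authorization: ' + authorizationHeader(token));
```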

@petersaints petersaints closed this Nov 4, 2012

@petersaints petersaints reopened this Nov 4, 2012


bluesliverx commented Nov 30, 2013

@petersaints, I made some changes to the docs a little while ago, could you please check it out and let me know if there are still problems? I've tested the flows documented. I think the token based auth is quite different from the authorization code auth I've documented. I'm very interested in how it works, however, so any pointers/pull requests would really help.

Hi guys,
I am also facing the same issue.

As per the documentation I set up the OAuth2 provider.
I am able to work with the implicit and client credentials flow, but I am having trouble with the authorization_code flow.

The doc says to make a call to

  1. http://localhost:8080/app/oauth/authorize?response_type=code&client_id=clientId&redirect_uri=http://localhost:8080/app/

This works for me and redirects me to a page for authorization and then redirects me to the URL with the code.

But when I use this code and formulate a URL and try running it

it gives me an exception


When I had a look inside the code, I found the highlighted condition to be false

    protected String getClientId(Principal principal) {
        Authentication client = (Authentication) principal;
        if (!client.isAuthenticated()) {
            throw new InsufficientAuthenticationException("The client is not authenticated.");
        }
        String clientId = client.getName();
        if (client instanceof OAuth2Authentication) {
            // Might be a client and user combined authentication
            clientId = ((OAuth2Authentication) client).getAuthorizationRequest().getClientId();
        }
        return clientId;
    }

and hence it was taking the user ID as the client ID and trying to search for that inside the ClientDetails service and failing.

Is there anything that I am missing? My config is the same as what is given in the documentation and I am using Grails 2.3.4.

Thanks a lot.


bluesliverx commented Jan 9, 2014

@gauravlanjekar, what version of the plugin are you using?

@bluesliverx spring-security-oauth2-provider:


bluesliverx commented Jan 9, 2014

I'll have to check this out further then, and it may be awhile as I'm quite busy with other things in life. Feel free to submit a pull request if you figure out what is lacking in the docs.

@bluesliverx Hi, I tested it out with the examples and everything seems to be working fine.

Is there any documentation on how to use oauth2 expressions in the plugin, like #oauth2.hasScope('read')?


bluesliverx commented Jan 13, 2014

Nope, feel free to create another issue with that request, although I probably won't be able to get to it anytime soon.
