Feign client OAuth2 grant type password

Time:03-12

I have a service I want to access using Feign client. The problem is that it requires authorization using OAuth2, password (as said in the Authorize page of Swagger and flow: password is set).

In the Swagger page of the service I can get access to the methods by simply clicking on Authorize and inputting my login and password, choosing request body and leaving the client_id and client_secret fields as they were by default, but how do I do that using Feign client now?

I tried following this guide but it describes how to do it with grant type client_credentials so it didn't work for me, it was expectedly giving errors and not accessing the method of the service. I checked the api of the service just to be sure, grant type is in fact password. When sending a request it was doing it with "Bearer null".

feign.FeignException$Unauthorized: [401] during [GET] to [...] [TestFeignClient#req(String)]: [{"error":"invalid_token","error_description":"Cannot convert access token to JSON"}]

There's a lot of code I don't know about, so I tried to find another guide which will be about grant type password. I tried to follow this guide which suits my situation, but Maven gives me errors about these dependencies, so the code is all red too (I checked the source code of the guide which can be found here to find the dependencies, it's in the customer package pom, on the branch with_database as the author said in the comments section):

        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-feign</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-eureka</artifactId>
        </dependency>

So my question is: how can I correctly implement OAuth2 password grant type with Feign client? Are there any actual guides on how to do it? Because I didn't find any except these 2 and they both didn't work out for me.

CodePudding user response:

Solved, you need to add this dependency, which I didn't notice, in order not to have to specify versions of dependencies:

    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>org.springframework.cloud</groupId>
                <artifactId>spring-cloud-dependencies</artifactId>
                <version>Edgware.RELEASE</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>

Or just specify versions of the dependencies (second guide).

CodePudding user response:

Grant type "password" would mean that your resource server sends userid and password to the authentication server (oauth 2 server). This would mean you would send data tied to an actual user of your application over the wire. This is not something you want to do anymore and this grant type is deprecated.

When you say you input client id and client secret in swagger, you are actually using grant type "client credentials" and not grant type "password". The data you are sending "over the wire" identifies an application or client, hence CLIENT id and CLIENT secret.

The userid and password you are entering is not sent to the authorization server. It might be some kind of BASIC authentication you have in front of your swagger mask.

Stick to your Baeldung guide, it's exactly what you want to do. Set up all the beans you can see under 4.2 and provide the needed configuration. Afterwards you should be able to autowire the configured feignclient bean and use it anywhere.
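
A "Bearer null" header like the one in the question means the Authorization header was built from a token that was never obtained. As an added example (not code from this thread or the linked guides), the Feign interceptor below requests its token with the password grant, sending the client credentials in the request body as selected in the Swagger dialog, and fails instead of forwarding a null token. The class name, constructor parameters and token endpoint are assumptions, and it needs Java 11+ for `java.net.http`.

```java
import feign.RequestInterceptor;
import feign.RequestTemplate;
import java.io.IOException;
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.*;
import java.nio.charset.StandardCharsets;
import java.util.regex.*;

// Hypothetical class: bearer token via the OAuth2 password grant (RFC 6749, 4.3).
public class PasswordGrantInterceptor implements RequestInterceptor {
    // Simplification: a regex instead of a JSON parser, to stay dependency-free.
    private static final Pattern TOKEN =
            Pattern.compile("\"access_token\"\\s*:\\s*\"([^\"]+)\"");
    private final HttpClient http = HttpClient.newHttpClient();
    private final HttpRequest tokenRequest;

    public PasswordGrantInterceptor(String tokenUri, String clientId,
            String clientSecret, String username, String password) {
        // User and client credentials both travel in the urlencoded body.
        String form = "grant_type=password&username=" + enc(username)
                + "&password=" + enc(password) + "&client_id=" + enc(clientId)
                + "&client_secret=" + enc(clientSecret);
        tokenRequest = HttpRequest.newBuilder(URI.create(tokenUri))
                .header("Content-Type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString(form)).build();
    }

    @Override
    public void apply(RequestTemplate template) {
        // fetchToken() throws rather than returning null, so a failed token
        // request is never passed on to the service as "Bearer null".
        template.header("Authorization", "Bearer " + fetchToken());
    }

    private String fetchToken() {
        try {
            HttpResponse<String> res =
                    http.send(tokenRequest, HttpResponse.BodyHandlers.ofString());
            Matcher m = TOKEN.matcher(res.body());
            if (res.statusCode() != 200 || !m.find()) {
                throw new IllegalStateException("token request failed: HTTP " + res.statusCode());
            }
            return m.group(1);
        } catch (IOException | InterruptedException e) {
            if (e instanceof InterruptedException) Thread.currentThread().interrupt();
            throw new IllegalStateException("token request did not complete", e);
        }
    }
    private static String enc(String v) { return URLEncoder.encode(v, StandardCharsets.UTF_8); }
}
```

Registered as a bean in the Feign client's configuration class, it runs before every call; caching the token until its `expires_in` elapses avoids one token request per call.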
