I have an OAuth auth server app, a web app (OAuth SSO enabled), and an Android app (which needs to access REST resources in the web app).
I am trying to implement spring-oauth2, taking the oauth-vanilla Spring Boot sample project (the latest one, with no JWT) as an example. The project has the following client configuration:
security.oauth2.client.clientId: acme
security.oauth2.client.clientSecret: acmesecret
security.oauth2.client.authorized-grant-types: authorization_code,refresh_token,password
security.oauth2.client.scope: openid
So the logic flow goes like this (correct me if I am wrong): the user attempts to access the UI app --> Zuul-proxied redirect (with client details) to the authentication server --> login with credentials (protected /authorize URL) --> authorize the scopes --> return with the token/authorization code.
How do I eliminate the user authorization step? (For the Android app I want the resource owner password approach.) I changed my client configuration to the following:
clients.inMemory().withClient("****").secret("*****").authorities("ROLE_USER")
.authorizedGrantTypes("password", "refresh_token").scopes("read", "write");
but I am getting this error from the auth server app (DefaultRedirectResolver.java):
"A redirect_uri can only be used by implicit or authorization_code grant types."
if I have my security.oauth2 properties as below in my web UI app:
security:
  oauth2:
    client:
      accessTokenUri: http://localhost:9097/uaa/oauth/token
      userAuthorizationUri: http://localhost:9097/uaa/oauth/authorize
      clientId: ****
      clientSecret: ****
    resource:
      userInfoUri: http://localhost:9097/uaa/user
For single sign-on, can the resource owner password approach be used or not? If so, what should I change as part of the configuration?
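Added example (not the asker's code and not the oauth-vanilla sample): an authorization server configuration that registers two clients side by side, one for the web UI's SSO flow and one for the Android app's password grant. The client ids, secrets and the UI redirect URI (`web-ui`, `android-app`, `http://localhost:8080/login`) are assumptions for illustration; the `AuthenticationManager` is assumed to be exposed as a bean by the app's `WebSecurityConfigurerAdapter`.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;

@Configuration
@EnableAuthorizationServer
public class AuthServerConfig extends AuthorizationServerConfigurerAdapter {

    // The password grant is only enabled when the token endpoint is given an
    // AuthenticationManager; without it /oauth/token rejects grant_type=password.
    // (Assumed to be exposed as a bean elsewhere in the auth server app.)
    @Autowired
    private AuthenticationManager authenticationManager;

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        endpoints.authenticationManager(authenticationManager);
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
            // Client used by the web UI for SSO. @EnableOAuth2Sso sends the browser to
            // userAuthorizationUri (/oauth/authorize), i.e. the authorization_code flow,
            // so this client must keep that grant type and declare its redirect URI;
            // a client with only "password" makes DefaultRedirectResolver reject the
            // redirect_uri parameter with exactly the error quoted in the question.
            .withClient("web-ui")                             // hypothetical client id
                .secret("web-ui-secret")                      // hypothetical secret
                .authorizedGrantTypes("authorization_code", "refresh_token")
                .scopes("openid")
                .redirectUris("http://localhost:8080/login")  // assumed UI callback URL
                .autoApprove(true)                            // skip the scope approval page
            .and()
            // Client used by the Android app. It POSTs the user's credentials to
            // /oauth/token with grant_type=password and never goes through
            // /oauth/authorize, so no redirect_uri is involved at all.
            .withClient("android-app")                        // hypothetical client id
                .secret("android-secret")                     // hypothetical secret
                .authorizedGrantTypes("password", "refresh_token")
                .scopes("read", "write");
    }
}
```

With this in place the browser SSO keeps using the `web-ui` client through `/oauth/authorize` (the `autoApprove(true)` is what removes the "authorize the scopes" step for that client), while the Android app sends `grant_type=password&username=...&password=...` to `/oauth/token`, authenticating as `android-app` with HTTP Basic. Note that a Java `configure(ClientDetailsServiceConfigurer)` replaces the single client that Boot builds from `security.oauth2.client.*`, so both clients have to be declared here. If the auth server runs on Spring Security 5, the secrets must be encoded (e.g. a `{noop}` prefix or a real `PasswordEncoder`), otherwise client authentication fails.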