question: OAuth2
Authentication and authorization is an internal project of the company, so I want to follow the password mode of OAuth2. Now my authentication server is configured. When the client requests the API, it defaults to requesting authentication at /oauth/authorize instead of a token at /oauth/token, because there is no authentication. When the client requests the API and is not authenticated, it should first guide the user to log in and then make the request. How, then, do I obtain a token from the user's user name and password in the client? The following is the configuration of my client:
security:
  oauth2:
    client:
      client-id: xxxxx
      client-secret: xxxxx
      access-token-uri: http://xxxx/oauth/token
      user-authorization-uri: http://xxxx/oauth/authorize
    resource:
      user-info-uri: http://xxxxx/user/me
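
An added example, not part of the original post: the password-grant token request defined in RFC 6749 section 4.3, which a client sends directly to /oauth/token with the user's name and password instead of redirecting to /oauth/authorize. The host, client credentials, user and token values are constructed placeholders, and the helper names are hypothetical.

```python
import base64
import json
import urllib.parse
import urllib.request


class TokenError(Exception):
    """Raised when the token endpoint returns an error or a malformed body."""


def build_password_grant_request(token_uri, client_id, client_secret,
                                 username, password, scope=None):
    """Build (but do not send) the RFC 6749 section 4.3.2 token request."""
    form = {"grant_type": "password", "username": username, "password": password}
    if scope:
        form["scope"] = scope
    # The user's password travels in the POST body, never in the URL;
    # RFC 6749 requires TLS on the token endpoint for this reason.
    body = urllib.parse.urlencode(form).encode("ascii")
    # The client itself authenticates with HTTP Basic (section 2.3.1):
    # id and secret are form-urlencoded, joined with ':', then base64-encoded.
    pair = "{}:{}".format(urllib.parse.quote_plus(client_id),
                          urllib.parse.quote_plus(client_secret))
    basic = base64.b64encode(pair.encode("ascii")).decode("ascii")
    return urllib.request.Request(
        token_uri, data=body, method="POST",
        headers={"Authorization": "Basic " + basic,
                 "Content-Type": "application/x-www-form-urlencoded",
                 "Accept": "application/json"})


def parse_token_response(raw):
    """Return the access token from a token-endpoint JSON body, or raise."""
    doc = json.loads(raw)
    if "error" in doc:  # e.g. invalid_grant for a wrong user name or password
        raise TokenError("{}: {}".format(doc["error"],
                                         doc.get("error_description", "")))
    if doc.get("token_type", "").lower() != "bearer" or not doc.get("access_token"):
        raise TokenError("unexpected token response")
    return doc["access_token"]


def bearer_header(access_token):
    """Header the client attaches to each later call to the protected API."""
    return {"Authorization": "Bearer " + access_token}
```

Passing the built request to `urllib.request.urlopen` sends it; the response body then goes through `parse_token_response`, and `bearer_header` supplies the header for the API calls that previously triggered the redirect.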