Hello Anders,

I faced the same issue but was able to find a way out.
I am not sure if this is expected behavior but you can simply remove the 
client_secret parameter from your call. It would start looking for username 
and password. If you provide client_id and client_secret both, it simply 
verifies that and returns a token without caring to check username and 
password validity. 

-Nilesh Choudhary

On Thursday, February 1, 2018 at 8:26:31 PM UTC+5:30, Anders Olsen wrote:
>
> Hello,
>
>  
>
> I am currently trying to set up OAuth2 for CAS running 5.2.2 with a MySQL 
> backend.
>
> I have the normal CAS protocol working, where it checks username and 
> password vs stored username and hashes.
>
>  
>
> However, I am trying to use the Grant Type “Resource Owner Credentials” 
> but CAS runs the request as a “Client Credential” and gives access tokens, 
> even when no username and password have been specified.
>
>  
>
> I have the following service definition:
>
> {
>   "@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
>   "clientId": "dofbasen_oauth2_android",
>   "clientSecret": "XXX",
>   "generateRefreshToken" : true,
>   "jsonFormat" : true,
>   "supported_grants" : ["password", "refresh_token"],
>   "name" : "OAuth2 (Android)",
>   "id" : 201801311512,
>   "attributeReleasePolicy" : {
>     "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
>   }
> }
>
>  
>
> This is my request in Postman:
>
>  
>
> I can see in the terminal, having set the loglevel to debug, that CAS uses 
> the OAuthClientAuthenticator:
>
> [org.apereo.cas.support.oauth.authenticator.OAuthClientAuthenticator] - 
> <Authenticated user profile [#OAuthClientProfile# | id: 
> dofbasen_oauth2_android | attributes: {} | roles: [] | permissions: [] | 
> isRemembered: false | clientName: null | linkedId: null |]>
>
>  
>
> It seems to me that something has been mixed up in the implementation and 
> CAS is actually using the Client Credentials (where grant_type should have 
> been client_credentials) instead of the Resource Owner Credentials which 
> has grant_type=password.
>
>  
>
> If you need more details or my configuration or anything, I’ll gladly send 
> them.
>
>  
>
> With regards
>
> *Anders Olsen*
>
> Softwareudvikler
>
> Software Developer
>
>     
>
> Tel +45 3328 3800
>
> DOF / Birdlife Denmark | Vesterbrogade 140 | 1620 København V | www.dof.dk 
>
>  
>
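
The behaviour discussed in this thread, as an added example that is not part of either message and is not CAS code: a small Python model of a token endpoint that skips the resource-owner check whenever valid client credentials are present, a strict variant, and a regression check that lists the negative cases wrongly given a token. All function names, the user, and the secrets are constructed for illustration, and the strict variant assumes a confidential client.

```python
import hmac

# Constructed sample data: one registered client and one resource owner.
CLIENTS = {"dofbasen_oauth2_android": "s3cret"}
USERS = {"anders": "correct-horse"}

def _eq(a, b):
    # Constant-time comparison; missing values compare as empty strings.
    return hmac.compare_digest(str(a or ""), str(b or ""))

def client_ok(p):
    cid = p.get("client_id")
    return cid in CLIENTS and _eq(p.get("client_secret"), CLIENTS[cid])

def user_ok(p):
    name = p.get("username")
    return name in USERS and _eq(p.get("password"), USERS[name])

def token_flawed(p):
    """Models the reported behaviour: a supplied client_secret decides the
    request on its own, so username/password are never examined."""
    if p.get("client_secret") is not None:
        return 200 if client_ok(p) else 401
    return 200 if user_ok(p) else 401

def token_strict(p):
    """Dispatch on grant_type; the password grant needs client AND user."""
    grant = p.get("grant_type")
    if grant == "password":
        return 200 if client_ok(p) and user_ok(p) else 401
    if grant == "client_credentials":
        return 200 if client_ok(p) else 401
    return 400  # unsupported grant type

def password_grant_findings(endpoint):
    """Return the negative password-grant cases that still yield a token."""
    base = {"grant_type": "password",
            "client_id": "dofbasen_oauth2_android", "client_secret": "s3cret"}
    cases = {
        "no user credentials": base,
        "wrong password": {**base, "username": "anders", "password": "nope"},
        "unknown user": {**base, "username": "ghost", "password": "x"},
    }
    return sorted(name for name, p in cases.items() if endpoint(p) == 200)
```

The same three negative cases can be sent to a real deployment's token endpoint as an acceptance test: each should be refused when `grant_type=password`.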
