[cas-user] OAuth password grant fails because UsernamePasswordCredential isn't a ClientCredential

Wed, 17 Jun 2020 15:21:07 -0700 

I've gone through several simple example service configurations for both 
6.1.5 and 6.2.0-RC5, and I'm currently trying:

{
  "@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
  "clientId": "client",
  "clientSecret": "secret",
  "serviceId" : "https://example.net/dashboard";,
  "name" : "OAUTH",
  "id" : 1,
  "attributeReleasePolicy" : {
    "@class" : 
"org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
    "allowedAttributes" : [ "java.util.ArrayList", [ "cn", "mail", "sn" ] ]
  },
  "supportedGrantTypes": [ "java.util.HashSet", [ "password" ] ]
}

When a password grant request is made, CAS cannot find a valid 
authentication handler. A UsernamePasswordCredential is extracted, but the 
DelegatedClientAuthenticationHandler will only accept ClientCredentials. 
Honestly after stepping though the code for days I don't see how this ever 
worked. I assume it does however, so I must be missing something.

curl "[my 
server]/oauth2.0/token?grant_type=password&client_id=client&client_secret=secret&username=user&password=password"

2020-06-17 15:13:20,269 DEBUG 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
<Authentication credentials provided for this transaction are 
[[UsernamePasswordCredential(username=user, source=null, customFields={})]]>
2020-06-17 15:13:20,270 DEBUG 
[org.apereo.cas.authentication.DefaultAuthenticationEventExecutionPlan] - 
<Candidate/Registered authentication handlers for this transaction are 
[[org.apereo.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler@20b9486d,
 
org.apereo.cas.support.openid.authentication.handler.support.OpenIdCredentialsAuthenticationHandler@4b249051,
 
org.apereo.cas.support.pac4j.authentication.handler.support.DelegatedClientAuthenticationHandler@7658ca71]]>
2020-06-17 15:13:20,270 DEBUG 
[org.apereo.cas.authentication.DefaultAuthenticationEventExecutionPlan] - 
<Authentication handler resolvers for this transaction are 
[[org.apereo.cas.authentication.handler.RegisteredServiceAuthenticationHandlerResolver@7fa005d1]]>
2020-06-17 15:13:20,270 DEBUG 
[org.apereo.cas.authentication.DefaultAuthenticationEventExecutionPlan] - 
<Authentication handler resolvers produced no candidate authentication 
handler. Using the default handler resolver instead...>
2020-06-17 15:13:20,270 DEBUG 
[org.apereo.cas.authentication.AuthenticationHandlerResolver] - <Default 
authentication handlers used for this transaction are 
[HttpBasedServiceCredentialsAuthenticationHandler,OpenIdCredentialsAuthenticationHandler,DelegatedClientAuthenticationHandler]>
2020-06-17 15:13:20,270 DEBUG 
[org.apereo.cas.authentication.DefaultAuthenticationEventExecutionPlan] - 
<Resolved and finalized authentication handlers to carry out this 
authentication transaction are 
[[org.apereo.cas.authentication.handler.RegisteredServiceAuthenticationHandlerResolver@7fa005d1]]>
2020-06-17 15:13:20,270 DEBUG 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
<Candidate resolved authentication handlers for this transaction are 
[[org.apereo.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler@20b9486d,
 
org.apereo.cas.support.openid.authentication.handler.support.OpenIdCredentialsAuthenticationHandler@4b249051,
 
org.apereo.cas.support.pac4j.authentication.handler.support.DelegatedClientAuthenticationHandler@7658ca71]]>
2020-06-17 15:13:20,270 DEBUG 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
<Attempting to authenticate credential 
[UsernamePasswordCredential(username=user, source=null, customFields={})]>
2020-06-17 15:13:20,270 DEBUG 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
<Authentication handler [HttpBasedServiceCredentialsAuthenticationHandler] 
does not support the credential type 
[UsernamePasswordCredential(username=user, source=null, customFields={})]. 
Trying next...>
2020-06-17 15:13:20,270 DEBUG 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
<Authentication handler [OpenIdCredentialsAuthenticationHandler] does not 
support the credential type [UsernamePasswordCredential(username=user, 
source=null, customFields={})]. Trying next...>
2020-06-17 15:13:20,270 DEBUG 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
<Authentication handler [DelegatedClientAuthenticationHandler] does not 
support the credential type [UsernamePasswordCredential(username=user, 
source=null, customFields={})]. Trying next...>

Any working password grant configuration or insight would be appreciated.

Thanks,
-Gary

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/abd91b30-3194-4f92-9e2b-92277660dc77o%40apereo.org.

Reply via email to