Login/Register
Access Token Response: tokenType cannot be null
Asked Answered
Solved javaspringspring-webfluxspring-webclient
M

2

5

I am upgrading my service and implementing webclient using oAuth2, and I am getting exception is"tokenType cannot be null" could you please help me to resolve that.

exception: org.springframework.security.oauth2.core.OAuth2AuthorizationException: [invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: Error while extracting response for type [class org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse] and content type [application/json]; nested exception is org.springframework.http.converter.HttpMessageNotReadableException: An error occurred reading the OAuth 2.0 Access Token Response: tokenType cannot be null; nested exception is java.lang.IllegalArgumentException: tokenType cannot be null

Morn answered 30/10, 2019 at 16:10 Comment(0)
M
0

Eventually figured out the issue,client was missing one of field in token json response that was tokenType. Actually tokenType also should be included in token response, in my case tokenType was bearer.

{ "access_token": "************", "token_type": "Bearer", "expires_in": 1800, "scope": "read" }

Morn answered 2/12, 2019 at 20:9 Comment(0)
R
6

Please have a look at https://github.com/spring-projects/spring-security/issues/5983#issuecomment-430620308

This is well known problem because of the spec that requires a token type (BEARER in our case) to be present in the response to the client when hitting the token access uri, Spring security oauth doesnt affect a default in case of non presence of this parameter tokentype, you have a work around in the link above.

The OAuth spec states : https://www.rfc-editor.org/rfc/rfc6749#section-5.1

5.1. Successful Response

The authorization server issues an access token and optional refresh token, and constructs the response by adding the following parameters to the entity-body of the HTTP response with a 200 (OK) status code:

access_token REQUIRED. The access token issued by the authorization server.

token_type REQUIRED. The type of the token issued as described in Section 7.1. Value is case insensitive.

expires_in RECOMMENDED. The lifetime in seconds of the access token. For example, the value "3600" denotes that the access token will expire in one hour from the time the response was generated. If omitted, the authorization server SHOULD provide the expiration time via other means or document the default value.

Rosena answered 27/4, 2020 at 4:37 Comment(0)
M
0

Eventually figured out the issue,client was missing one of field in token json response that was tokenType. Actually tokenType also should be included in token response, in my case tokenType was bearer.

{ "access_token": "************", "token_type": "Bearer", "expires_in": 1800, "scope": "read" }

Morn answered 2/12, 2019 at 20:9 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.