URL to generate access_token:
Type 1: Generation of token using Username & password:

http://localhost:8080/<app_name>/oauth/token?grant_type=password&client_id=restapp&client_secret=restapp&username=techie&password=techie@rest

Type 2: Generation of token without using username & password:

When you have refresh refresh_token after generating from the above url, you need not to have username & password to generate access_token.
http://localhost:8080/security/oauth/token?grant_type=refresh_token&client_id=restapp&client_secret=restapp&refresh_token=74395d99-59c3-44bf-a3d3-1d6b575badb4

client_id and client_Secret can be retrieved from spring-security.xml

<oauth:client-details-service id=”clientDetails”>
<!– client –>
<oauth:client client-id=”restapp”
authorized-grant-types=”authorization_code,client_credentials”
authorities=”ROLE_APP” scope=”read,write,trust” secret=”secret” />

<oauth:client client-id=”restapp” authorized-grant-types=”password,authorization_code,refresh_token,implicit”
secret=”restapp” authorities=”ROLE_APP” />

</oauth:client-details-service>

We need to find the client details under oauth:client-details-service tag
for the client-id and secret associated with authorized-grant-types: password,authorization_code,refresh_token,implicit
username and password also can be retrieved from spring-security.xml

<authentication-manager alias=”authenticationManager”
xmlns=”http://www.springframework.org/schema/security”&gt;
<authentication-provider>
<user-service>
<user name=”techie” password=”techie@rest” authorities=”ROLE_APP” />
<!– you can create any no. of users just copy paste and change name and password–>
<user name=”techie1″ password=”techie1@rest” authorities=”ROLE_APP” />
</user-service>
</authentication-provider>
</authentication-manager>

Output can be similar to below:

{

“access_token”:”659cc0e4-f89c-453d-a91f-a994b7f0bd9d”,

“token_type”:”bearer”,

“refresh_token”:”1af9ec1f-1578-43e2-89d0-03646fc7e0ad”,

“expires_in”:119

}

Advertisements