Spring OAuth2 - There is no client authentication. Try adding an appropriate authentication filter

Question

We have an application which is using spring-security-oauth2:1.0. I was trying to change it to a newer version, spring-security-oauth2:2.0.7.RELEASE

Answer 1

I don't know the previous version, but I know a bit about 2.0.7.

I suspect your problem is that your TokenEndpoint security tries to authenticate your clients against your user service.

The TokenEndpoint is protected by a BasicAuthenticationFilter. By default this filter would use an AuthenticationManager instance, which itself holds an AuthenticationProvider, which itself depends on an instance of UserDetailsService. The trick is that this particular instance of UserDetailsService must be client based, not user based : that's why there is a ClientDetailsUserDetailsService, which adapts ClientDetailsService to UserDetailsService.

Normally all this stuff is already done by default when you use the framework's configuration classes AuthorizationServerConfigurerAdapter, @EnableAuthorizationServer, etc..