There is no client authentication. Try adding an appropriate authentication filter

Question

I got error when I got token0

 Handling error: InsufficientAuthenticationException, There is no client authentication. Try adding an appropriate authentication filter.

I can get the code from http://localhost:8080/oauth/authorize?response_type=code&client_id=a&redirect_uri=http://localhost:8080/callback&scope=email profile openid&state=12 and I go to get token in postman ,it show errors { "error": "unauthorized", "error_description": "There is no client authentication. Try adding an appropriate authentication filter." }

here is config

@Configuration
@EnableWebSecurity
@Order(-1)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Bean
    public PasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .antMatchers("/oauth/**","/login/**","/auth/get-token").permitAll()
                .anyRequest().authenticated()
                .and()
                .formLogin().permitAll()
                .and()
              //  .addFilterBefore(customHeaderFilter, UsernamePasswordAuthenticationFilter.class)
                .logout().permitAll()
                .and()
                .csrf().disable();
//                .httpBasic();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
       auth.inMemoryAuthentication()
               .withUser("user").password(passwordEncoder().encode("user")).roles("USER")
               .and().withUser("admin").password(passwordEncoder().encode("admin")).roles("ADMIN");
    }



}

@EnableAuthorizationServer
@Configuration
public class AuthServerConfig extends AuthorizationServerConfigurerAdapter {


   @Autowired
   private PasswordEncoder passwordEncoder;

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {

        clients
                    .inMemory()
                    .withClient("a")
                    .secret(passwordEncoder.encode("qwe"))
                    .authorizedGrantTypes("authorization_code")
                    .scopes("email","profile","openid").autoApprove(true)
                    .redirectUris("http://localhost:8080/callback");
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints
                .tokenStore( new InMemoryTokenStore())
//                .authenticationManager(authenticationManager)
//                .userDetailsService()
                .allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST);

    }


    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        security
                .tokenKeyAccess("permitAll()")
                .checkTokenAccess("isAuthenticated()")
                .allowFormAuthenticationForClients();
    }


}

Answer 1

I have no idea about the reason. It was solved by upgrade spring-security-oauth2 and change config

parent is same

before pom

<dependencies>
    <dependency>
        <groupId>junit</groupId>
        <artifactId>junit</artifactId>
        <version>3.8.1</version>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-oauth2-client</artifactId>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.security.oauth.boot</groupId>
        <artifactId>spring-security-oauth2-autoconfigure</artifactId>
        <version>2.5.7</version>
    </dependency>
</dependencies>

after pom

 <dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-tomcat</artifactId>
        <scope>provided</scope>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
        <scope>test</scope>
    </dependency>
    <!--security-->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.security.oauth</groupId>
        <artifactId>spring-security-oauth2</artifactId>
        <version>2.5.2.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>io.jsonwebtoken</groupId>
        <artifactId>jjwt</artifactId>
        <version>0.6.0</version>
    </dependency>

    <dependency>
        <groupId>junit</groupId>
        <artifactId>junit</artifactId>
        <version>3.8.1</version>
        <scope>test</scope>
    </dependency>
</dependencies>

in security

before

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
        .antMatchers("/oauth/**","/login/**","/auth/get-token").permitAll()
        .anyRequest().authenticated()
        .and()
        .formLogin().permitAll()
        .and()
      //.addFilterBefore(customHeaderFilter, UsernamePasswordAuthenticationFilter.class)
        .logout().permitAll()
        .and()
        .httpBasic()
        .and()
        .csrf().disable();
      //.httpBasic();
}

after

@Override
public void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
        .anyRequest().authenticated()
        .and()
        .httpBasic()
        .and()
        .csrf()
        .disable()
        .formLogin().permitAll()
        .and()
        .logout().permitAll()
        .and()
        .cors().disable();
}