Open
Description
I'm trying to make an Oauth request of type "password" to Jhipster UAA Server (Spring Cloud).
client = OAuth2::Client.new("web_app",
"changeit",
{
token_url: "/uaa/oauth/token",
site: "http://localhost:8080",
#authorize_url: "/uaa/oauth/token",
auth_scheme: :basic_auth
}
)
access_token = client.password.get_token('admin','admin')
However, csrf is enabled on the UAA server and so I get this error:
access_denied: Could not verify the provided CSRF token because your session was not found.
I was able to get the access token from the UAA server through POSTMAN requests.
Here is the ruby equivalent code generated from POSTMAN:
require 'uri'
require 'net/http'
url = URI("http://localhost:8080/uaa/oauth/token")
http = Net::HTTP.new(url.host, url.port)
request = Net::HTTP::Post.new(url)
request["content-type"] = 'multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW'
request["X-XSRF-TOKEN"] = '**GOT THIS FROM XSRF-TOKEN COOKIE**'
request["Authorization"] = 'Basic d2ViX2FwcDpjaGFuZ2VpdA=='
request["Cache-Control"] = 'no-cache'
request["Postman-Token"] = '**POSTMAN TOKEN VALUE AUTO GENERATED**'
request.body = "------WebKitFormBoundary7MA4YWxkTrZu0gW\r\nContent-Disposition: form-data; name=\"grant_type\"\r\n\r\npassword\r\n------WebKitFormBoundary7MA4YWxkTrZu0gW\r\nContent-Disposition: form-data; name=\"username\"\r\n\r\nadmin\r\n------WebKitFormBoundary7MA4YWxkTrZu0gW\r\nContent-Disposition: form-data; name=\"password\"\r\n\r\nadmin\r\n------WebKitFormBoundary7MA4YWxkTrZu0gW\r\nContent-Disposition: form-data; name=\"client_id\"\r\n\r\nweb_app\r\n------WebKitFormBoundary7MA4YWxkTrZu0gW--"
response = http.request(request)
puts response.read_body
PS. I'm quite new to rails and any help/suggestion is appreciated. Thank you.