Code Exchange error #424

Closed
asterisk360-admin opened this issue Sep 1, 2021 · 2 comments
Labels
status: invalid An issue that we don't feel is valid

Comments

@asterisk360-admin

Hello

I'm trying to exchange the code at the token endpoint, but this message is returned:
{ "error": "invalid_client" }

I enabled the security debug to find more information about the error cause:
logging.level.org.springframework.security=DEBUG
logging.level.org.springframework.security.web.FilterChainProxy=DEBUG

Is there another option to enable specific debug in the auth server filter?


Request received for POST '/oauth2/token?grant_type=authorization_code&code=G-V5JZtRD4Cv5wd4D5YeT1BTBTsm5Y6t9tEDvaCN2f3mNi8wwoi9CUB4cDKfhARDD8ekgAkl27Kj-HONjfNLzWvaPkNOU9W0fLYiGDj7mPBBREQn2MHqTh8BhShbSJOP&client_id=identity&redirect_uri=https://oidcdebugger.com/debug':

org.apache.catalina.connector.RequestFacade@171e4fa0

servletPath:/oauth2/token
pathInfo:null
headers:
authorization: Basic aWRlbnRpdHk6cDRzc3cwcmQ=
user-agent: PostmanRuntime/7.28.4
accept: */*
cache-control: no-cache
postman-token: 45f1b97d-d910-4699-be3a-c6a5d99a3348
host: localhost:8080
accept-encoding: gzip, deflate, br
connection: keep-alive
content-length: 0

Security filter chain: [
WebAsyncManagerIntegrationFilter
SecurityContextPersistenceFilter
HeaderWriterFilter
CsrfFilter
LogoutFilter
OAuth2AuthorizationEndpointFilter
OidcProviderConfigurationEndpointFilter
NimbusJwkSetEndpointFilter
OAuth2AuthorizationServerMetadataEndpointFilter
OAuth2ClientAuthenticationFilter
UsernamePasswordAuthenticationFilter
DefaultLoginPageGeneratingFilter
DefaultLogoutPageGeneratingFilter
RequestCacheAwareFilter
SecurityContextHolderAwareRequestFilter
AnonymousAuthenticationFilter
SessionManagementFilter
ExceptionTranslationFilter
FilterSecurityInterceptor
OAuth2TokenEndpointFilter
OAuth2TokenIntrospectionEndpointFilter
OAuth2TokenRevocationEndpointFilter
]


2021-09-01 09:00:17.984 DEBUG 7924 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : Securing POST /oauth2/token?grant_type=authorization_code&code=G-V5JZtRD4Cv5wd4D5YeT1BTBTsm5Y6t9tEDvaCN2f3mNi8wwoi9CUB4cDKfhARDD8ekgAkl27Kj-HONjfNLzWvaPkNOU9W0fLYiGDj7mPBBREQn2MHqTh8BhShbSJOP&client_id=identity&redirect_uri=https://oidcdebugger.com/debug
2021-09-01 09:00:17.985 DEBUG 7924 --- [nio-8080-exec-2] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to empty SecurityContext
2021-09-01 09:00:18.007 DEBUG 7924 --- [nio-8080-exec-2] w.c.HttpSessionSecurityContextRepository : Did not store empty SecurityContext
2021-09-01 09:00:18.013 DEBUG 7924 --- [nio-8080-exec-2] w.c.HttpSessionSecurityContextRepository : Did not store empty SecurityContext
2021-09-01 09:00:18.013 DEBUG 7924 --- [nio-8080-exec-2] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request

@asterisk360-admin asterisk360-admin added the type: bug A general bug label Sep 1, 2021
@asterisk360-admin
Author

Related to #159

@sjohnr
Contributor

sjohnr commented Sep 9, 2021

Hi @asterisk360-admin, thanks for the report.

You can try enabling trace logging in Spring Security via: logging.level.org.springframework.security=TRACE. This will not increase the output from the Spring Authorization Server project, but it should point you at the filter that is the problem (likely the OAuth2TokenEndpointFilter).

Note that there are quite a few validation checks in that filter and you seem to be hitting one of them, hence the { "error": "invalid_client" }. This is often the result of a misconfiguration on the client side, or possibly in the RegisteredClient on the auth server. If you have additional issues, feel free to post a stackoverflow question with a link to a minimal, reproducible sample (and link to it from here) and I'll be happy to take a look.

For now I'll close this one as a duplicate of #159.

@sjohnr sjohnr closed this as completed Sep 9, 2021
@sjohnr sjohnr added the status: duplicate A duplicate of another issue label Sep 9, 2021
@jgrandja jgrandja added status: invalid An issue that we don't feel is valid and removed type: bug A general bug status: duplicate A duplicate of another issue labels Sep 15, 2021
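
The client-side part of the misconfiguration check mentioned in the last comment can be run on a request before it is sent. The following Python check is an added example, not part of the issue thread or of Spring Authorization Server; it tests a token request against RFC 6749 sections 2.3.1 and 4.1.3 and does not reproduce the server's own validation. `check_token_request`, the request dictionary layout and the sample values are assumptions made for illustration.

```python
import base64
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Constructed sample modelled on the logged request; the code value and the
# client secret are placeholders, not the values from the issue.
SAMPLE = {
    "url": "/oauth2/token?grant_type=authorization_code&code=EXAMPLE_CODE"
           "&client_id=identity&redirect_uri=https://oidcdebugger.com/debug",
    "headers": {
        "authorization": "Basic " + base64.b64encode(b"identity:example-secret").decode(),
        "content-length": "0",
    },
    "body": "",
}

def check_token_request(req):
    """Return findings for an authorization_code token request (hypothetical helper)."""
    findings = []
    headers = {k.lower(): v for k, v in req["headers"].items()}
    query = parse_qs(urlsplit(req["url"]).query)
    form = parse_qs(req.get("body", ""))
    params = {k: v[0] for k, v in {**query, **form}.items()}

    # RFC 6749 section 4.1.3: parameters belong in a form-urlencoded body.
    ctype = headers.get("content-type", "")
    if not ctype.startswith("application/x-www-form-urlencoded"):
        findings.append("content-type is not application/x-www-form-urlencoded")
    in_url = sorted(set(query) & {"code", "client_secret", "code_verifier"})
    if in_url:
        findings.append("in URL query string, which gets logged: " + ", ".join(in_url))
    for name in ("grant_type", "code", "redirect_uri"):
        if name not in params:
            findings.append("missing parameter: " + name)

    # RFC 6749 section 2.3.1: Basic carries base64(client_id ":" client_secret).
    scheme, _, value = headers.get("authorization", "").partition(" ")
    if scheme.lower() == "basic":
        try:
            decoded = base64.b64decode(value, validate=True).decode()
        except ValueError:
            decoded = ""
        cid, sep, secret = decoded.partition(":")
        if not (cid and sep and secret):
            findings.append("Basic header is not base64(client_id:client_secret)")
        elif unquote_plus(cid) != params.get("client_id", unquote_plus(cid)):
            findings.append("client_id parameter differs from Basic header")
    elif "client_secret" not in params:
        findings.append("no client credentials in header or body")
    return findings
```

An empty result only means the request is well-formed on the client side; the secret and the `RegisteredClient` settings on the server still have to match.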