Sparklr2/Tonr2 by Ryan Heaton fails if the user accessing the sparklr is not "tonr"

[marshallmonica@yahoo.com]

Hello everyone !
I have been trying to have a different client_id access the sparklr photos instead of the "tonr" client_id. I took another client whose id has the same authorizedGrantTypes="authorization_code" as "tonr". This client_id is "my-less-trusted-client". This is the change I applied in the configuration on the oauth service provider side.
On the client side
<oauth:resource id="sparklr" type="authorization_code" clientId="tonr"
accessTokenUri="http://localhost:8080/sparklr/oauth/authorize"
userAuthorizationUri="http://localhost:8080/sparklr/oauth/user/authorize"/>

I set the clientId accessing the "sparklr" resource to my-less-trusted-client clientId.
When I try to run the have tonr2 access the photos on sparklr2 I get an exception.

After this test I tried all the other clientIds that are set on the oauth Provider side and all of them failed in a similar way.

After that I ran and debugged all the Junit tests and those tests do access the sparklr2 photos using one at a time the different clientIds. Those attempts are successful but most of them do not authenticate/authorize using the /oauth/user/authorize URI. They use the /oauth/authorize URI.

Why are my attempts to have a different clientId accessing the sparklr resource fail ?

Any clarification is greatly appreciated.

Monica Marshall
Sr. Software Engineer/Tracom/Denver

[stoicflame]

What's the exception?

[marshallmonica@yahoo.com]

I have been retesting with the client id set to "my-less-trusted-client" and now that I cleaned all cookies from the browser I do not see the 401 Error anymore.

Clearly one of the Spring classes stores the clientId in the cookies and I do not know which Spring class does that.

Thanks,
Monica Marshall
Sr. Software Developer/Tracom/Denver