When the client wants to reach a protected resource, the OAuth2RestTemplate makes sure the client will get a token (as we talked earlier): the call to OAuth2RestTemplate.getAccessToken() gets to AccessTokenProviderChain.obtainAccessToken().
What should happen is that UserRedirectRequiredException will be thrown and this way the client will be redirected to get the token.
However, I saw that this method gets the authentication from the context, and asks if it is of type AnonymousAuthenticationToken - if so, it throws InsufficientAuthenticationException; and then the redirect will not occur.
My question - why, in case of AnonymousAuthenticationToken, we have a different exception? In my client (unlike the example) user is not asked for username/password, so I guess that is why I get the AnonymousAuthenticationToken... what should I do then? how can I make sure the client will be redirected?