Hi. I am using the 'oauth2-vanilla' architecture from this tutorial series for my web application. Since I am using the OAuth2 authentication API from a third-party server I just have UI server and Resource Server.
I registered my app in the third-party server for getting the clientId and clientSecret.

For some reason this server does not send me the access token and Spring Security shows this whitelabel error page:

This is a part of the stack trace that Spring throws:

This is the security config for my UI server:
security: oauth2: client: clientId: 233eb71722c2eb18e79d3fc5e00bd20a8bbbeb89049d2d17bc30d76e9f1f7fb9 clientSecret: f0598c6da0843abd113c3d51eb6325dbfcb67aa4a13f7f7d328e040263527d11 accessTokenUri: https://api.fablabs.io/oauth/token userAuthorizationUri: https://api.fablabs.io/oauth/authorize clientAuthenticationScheme: form resource: userInfoUri: https://api.fablabs.io/v0/me

Not sure what is going wrong with the authentication process. The third-party auth server is implemented with Ruby on Rails and Doorkeeper gem. If you check the whitelabel error page, the authorization code shown after I successfully sign in using the login form from the OAuth2 provider, is on the url but my app cannot exchange it for the access token.

I have tested sending the POST request using postman extension and the access token is SUCCESSFULLY returned:

On the other hand, I have been able to successfully login using the GitHub API and the Google OpenID connect also. So, I don't know what is going wrong here..

Could be that I am not using an https protocol for testing in localhost? the csrfHeaderFilter?...

This is the API I am using: https://github.com/fablabbcn/fablabs-api-examples
I would appreciate some help on this issue. Thanks!

I don't know much about that provider. Maybe they only accept client credentials as a header (which is recommended by the spec but not implemented by Github)? You would need to remove the clientAuthenticationScheme from your config to test that theory.

I removed clientAuthenticationScheme without success. If I remove the clientAuthenticationScheme, Spring does not include the clientId and clientSecret in the POST request for getting the access token:

Created POST request for "https://api.fablabs.io/oauth/token" Encoding and sending form: {grant_type=[authorization_code], code=[339f7f8ca05530aa78f4d98f2c81095fc82e6b834571b8c727ecc96ea4ac9a69], redirect_uri=[http://localhost:8080/login]}

And according to the Doorkeeper documentation, they must be sent:
https://github.com/doorkeeper-gem/doorkeeper/wiki/authorization-flow

I do not understand yet what do clientAuthenticationScheme and authenticationScheme do...

I tried including the auth server certificate into the Java trust list, but still getting the same BadCredentialsExceptions. Like in this example:
http://stackoverflow.com/questions/34772963/use-openid-connect-gluu-authentication-provider-to-secure-spring-boot-web-app-cl

I will try to upload the app to heroku in case it is something with the https stuff..
I still do not know what is going wrong here...

If the provider isn't giving you better documentation, you might have to reverse engineer a client that you know is working. I assume the client you linked to above (in node) works. Follow the back channel with a TCP sniffer or something and find out what it is sending.