Spring Security OAuth2 server side, how to require client_id and client_secret on all request

Question

I am integrating with Spring Security OAuth2 and I am stuck on trying to require the client_id and client_secret for every request. So I'd like all my requests to require access_token, client_id and client_secret, is that doable?

Answer 1

Anything is possible. I'm not sure why you'd want to do that (and you really ought not to use request parameters or body for secrets), but all you would need is to add a custom filter that grabs the client details and asserts on them. Something like a BasicAuthenticationFilter, for instance.