Spring-Security-Oauth2: Full authentication is required to access this resource
The client_id and client_secret, by default, should go in the Authorization header, not the form-urlencoded body. Concatenate your client_id and client_secret, with a colon between them: [email protected]:12345678. Base 64 encode the result: YWJjQGdtYWlsLmNvbToxMjM0NTY3OA== Set the Authorization header: Authorization: Basic YWJjQGdtYWlsLmNvbToxMjM0NTY3OA==