If I have enabled to store rest tokens in db and I am using external auth, then I validate the user, call loginTrusted of login service which gives me a session id. Now using this session id if I call ‘/v2/oauth/token’ using grant_type ‘external’, I get an error like ‘No security context bound to thread’.
Upon debugging I found that it is thrown from com.haulmont.cuba.restapi.ServerTokenStoreImpl.storeAccessTokenToDatabase where there is actually no authentication.
However if I use username/password with grant_type ‘password’ then at the same place where it failed, authentication is there as the user who requested log in. Also external auth works fine when save to db is turned off