My problem is very "simple": I don't know how to set up my OAuth2 auth server to accept a username/password and return me a token.
If I use:

    curl curl:password@localhost:8081/oauth/token\?grant_type=client_credentials

it returns me the token, but the problem is that it registers user "curl" in the DB so... not so good...
If I use:

    http://www.example.com:8081/oauth/authorize?client_id=web&response_type=token

it prompts a username and password dialog, I enter them, and then it asks me: "Do you authorize 'web' to access your protected resources?
scope.read: Approve Deny"
Can I combine those two and just create a simple request which will return me the token? I want to use it for an AngularJS frontend using RESTful WS in Spring Boot and Jersey.
Should I use this scheme https://github.com/spring-projects/spring-security-oauth/blob/master/spring-security-oauth2/src/test/resources/schema.sql and use this config -> clients.jdbc(dataSource);
How do I set up one user for that scheme? Just a basic login with username and password.
OauthConfiguration
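
    import javax.sql.DataSource;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
    import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
    import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
    import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
    import org.springframework.security.oauth2.provider.token.TokenStore;
    import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;

    @Configuration
    @EnableAuthorizationServer
    public class OAuthConfiguration extends AuthorizationServerConfigurerAdapter
    {
        @Autowired
        private DataSource dataSource;

        // Issued tokens are persisted in the database through JDBC.
        @Bean
        public TokenStore tokenStore()
        {
            return new JdbcTokenStore(dataSource);
        }

        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception
        {
            endpoints.tokenStore(tokenStore());
        }

        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception
        {
            // Two in-memory clients: "curl" (client_credentials grant, has a secret)
            // and "web" (implicit grant, no secret, fixed redirect URI).
            // @formatter:off
            clients.inMemory()
                .withClient("curl")
                    .authorities("USER")
                    .resourceIds("reee")
                    .scopes("read", "write")
                    .authorizedGrantTypes("client_credentials")
                    .secret("password")
                .and()
                .withClient("web")
                    .redirectUris("http://github.com/techdev-solutions/")
                    .resourceIds("reee")
                    .scopes("read")
                    .authorizedGrantTypes("implicit");
            // @formatter:on
        }
    }
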
SecurityConfiguration
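
    import javax.sql.DataSource;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
    import org.springframework.security.crypto.password.PasswordEncoder;

    @Configuration
    @EnableWebSecurity
    public class SecurityConfiguration extends WebSecurityConfigurerAdapter
    {
        @Autowired
        private DataSource dataSource;

        // Every request requires HTTP Basic authentication.
        @Override
        protected void configure(HttpSecurity http) throws Exception
        {
            http.authorizeRequests().antMatchers("/**").authenticated()
                .and().httpBasic().realmName("OAuth Server");
        }

        // Registers two user sources: the custom UserDetailsService (BCrypt-encoded
        // passwords) and the default JDBC user store on the same DataSource.
        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception
        {
            PasswordEncoder encoder = new BCryptPasswordEncoder();
            auth.userDetailsService(userDetailsService()).passwordEncoder(encoder);
            auth.jdbcAuthentication().dataSource(dataSource);
        }

        @Bean
        public UserDetailsService userDetailsService()
        {
            return new CustomUserDetailsService(dataSource);
        }
    }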