"invalid_request ... Missing grant type" when calling certain OAuth2 from NodeJs but not from curl with exact same header

Question

I am very confused why I am getting "Missing grant type" error from Spring Security OAuth2 while calling it from NodeJs node-rest-client.

I checked via "sniffer" and I can see I am posting exact the same header and body. Well, the only difference I noted it is "Content-Type:application/x-www-form-urlencoded" not settup while calling from NodeJs but, as far as I could see, it is not allowed for node-rest-client. I am not expecting this to impact since I can see "grant_type=password&username=a&password=a" in exact same format as the one working from curl.

As far as I understand, in curl, "-u greencard-trusted-client:greencard-secret" means I am passing it throw header and "-d "grant_type=password&username=a&password=a"" as body, so, I understand I am using node-rest-client in the same way I am using curl bellow.

Any suggestion will be appreciated.

curl straight to the Spring OAuth2 service

curl -u myapp-trusted-client:myapp-secret -k -d "grant_type=password&username=a&password=a" -H "Content-Type:application/x-www-form-urlencoded" http://localhost:9080/myclient/oauth/token

>sudo ngrep -Wbyline -d lo port 9080
interface: lo (127.0.0.0/255.0.0.0)
filter: (ip or ip6) and ( port 9080 )
####
T 127.0.0.1:38606 -> 127.0.0.1:9080 [AP]
POST /myclient/oauth/token HTTP/1.1.
Host: localhost:9080.
Authorization: Basic Z3JlZW5jYXJkLXRydXN0ZWQtY2xpZW50OmdyZWVuY2FyZC1zZWNyZXQ=.
User-Agent: curl/7.47.0.
Accept: */*.
Content-Type:application/x-www-form-urlencoded.
Content-Length: 41.
.
grant_type=password&username=a&password=a
##
T 127.0.0.1:9080 -> 127.0.0.1:38606 [AP]
HTTP/1.1 200 OK.
X-Powered-By: Servlet/3.1.
Cache-Control: no-store.
Pragma: no-cache.
Content-Type: application/xml;charset=UTF-8.
X-Content-Type-Options: nosniff.
X-XSS-Protection: 1; mode=block.
X-Frame-Options: DENY.
Content-Language: en-US.
Transfer-Encoding: chunked.
Date: Thu, 09 Mar 2017 20:10:54 GMT.
.
105.
<OAuth2AccessToken><access_token>78048b70-f84c-476c-ba4f-6eecca1c5f77</access_token><token_type>bearer</token_type><refresh_token>78410631-e3a3-4c75-b8f5-7373bbcd4fd1</refresh_token><expires_in>119</expires_in><scope>read write trust</scope></OAuth2AccessToken>.

##
T 127.0.0.1:9080 -> 127.0.0.1:38606 [AP]

exact same service consumed by node-rest-client

ngrep -Wbyline -d lo port 9080
interface: lo (127.0.0.0/255.0.0.0)
filter: (ip or ip6) and ( port 9080 )
####
T 127.0.0.1:38750 -> 127.0.0.1:9080 [AP]
POST /myclient/oauth/token HTTP/1.1.
Authorization: Basic Z3JlZW5jYXJkLXRydXN0ZWQtY2xpZW50OmdyZWVuY2FyZC1zZWNyZXQ=.
Content-Length: 41.
Host: 127.0.0.1:9080.
Connection: close.
.
grant_type=password&username=a&password=a
##
T 127.0.0.1:9080 -> 127.0.0.1:38750 [AP]
HTTP/1.1 400 Bad Request.
X-Powered-By: Servlet/3.1.
Cache-Control: no-store.
Pragma: no-cache.
Content-Type: application/xml;charset=UTF-8.
X-Content-Type-Options: nosniff.
X-XSS-Protection: 1; mode=block.
X-Frame-Options: DENY.
Content-Language: en-US.
Transfer-Encoding: chunked.
Connection: Close.
Date: Thu, 09 Mar 2017 20:15:09 GMT.
.
7a.
<OAuth2Exception><error>invalid_request</error><error_description>Missing grant type</error_description></OAuth2Exception>.

##
T 127.0.0.1:9080 -> 127.0.0.1:38750 [AP]
0.

nodejs calling the Spring OAuth2 Rest Service

var express = require('express');
var bodyParser = require('body-parser');
var Client = require('node-rest-client').Client;

var client = new Client();

client.registerMethod("postMethod", "http://127.0.0.1:9080/myclient/oauth/token", "POST");

var app = express();

app.use(bodyParser.json());
app.use(bodyParser.urlencoded({
  extended: true
}));

var port = process.env.PORT || 3000;

var router = express.Router();

var tokenRoute = router.route('/token');

tokenRoute.post(function (req, res) {

  var username = 'myapp-trusted-client';
  var password = 'myapp-secret';
  var auth = 'Basic ' + new Buffer(username + ':' + password).toString('base64');

  var args = {
    //data: req.body,
    data: 'grant_type=password&username=a&password=a',
    headers: {'Authorization': auth }
    //headers: { "Content-Type": "application/json" }
  };
  client.methods.postMethod(args, function (data, response) {

    res.writeHead(200, { "Content-Type": "application/json" });
    var json = JSON.stringify({
      tokenBackEnd: data
    });
    res.end(json);

  });

});

app.use('/myclient', router);

app.listen(port);