Spring 安全 oauth2 客户端 - Twitter 的问题

Question

I want to add Twitter oAuth2 to my application. Earlier I added Facebook and google with success - I didn't have to add provider. When i try to add twitter data to application.properties file and run server i get error:

Error starting Tomcat context. Exception: org.springframework.beans.factory.UnsatisfiedDependencyException. Message: Error creating bean with name 'securityConfig': Unsatisfied dependency expressed through method 'setContentNegotationStrategy' parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration$EnableWebMvcConfiguration': Unsatisfied dependency expressed through method 'setConfigurers' parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springframework.security.config.annotation.web.configuration.OAuth2ClientConfiguration$OAuth2ClientWebMvcSecurityConfiguration': Unsatisfied dependency expressed through method 'setClientRegistrationRepository' parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springframework.boot.autoconfigure.security.oauth2.client.servlet.OAuth2ClientRegistrationRepositoryConfiguration': Unsatisfied dependency expressed through constructor parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'spring.security.oauth2.client-org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties': Invocation of init method failed; nested exception is java.lang.IllegalStateException: Client id must not be empty.

This is my configuration:

spring.security.oauth2.client.registration.facebook.clientId=<SECRET>
spring.security.oauth2.client.registration.facebook.clientSecret=<SECRET>
spring.security.oauth2.client.registration.facebook.redirect-uri=http://localhost:8080/oauth2/callback/facebook
spring.security.oauth2.client.registration.facebook.scope=public_profile email


spring.security.oauth2.client.registration.twitter.clientId=<SECRET>
spring.security.oauth2.client.registration.twitter.clientSecret=<SECRET>
spring.security.oauth2.client.registration.twitter.redirect-uri=http://localhost:8080/oauth2/callback/twitter
spring.security.oauth2.client.registration.twitter.provider=twitter
spring.security.oauth2.client.registration.twitter.authorization-grant-type=token
spring.security.oauth2.client.provider.twitter.token-uri=https://api.twitter.com/oauth/token
spring.security.oauth2.client.provider.twitter.authorization-uri=https://api.twitter.com/oauth/authorize
spring.security.oauth2.client.provider.twitter.user-info-uri=https://api.twitter.com/oauth/request_token

I add client ID so where is problem. And I hope I correct add oauth urls to configuration.

@Update I found problem:) Typo in here:

spring.security.oauth2.client.registration.twiter.authorization-grant-type=token

@UPDATE Now i have another problem, this is my configuration:

spring.security.oauth2.client.registration.twitter.client-id=<SECRET>
spring.security.oauth2.client.registration.twitter.clientSecret=<SECRET>
spring.security.oauth2.client.registration.twitter.redirect-uri=http://localhost:8080/oauth2/callback/twitter
spring.security.oauth2.client.registration.twitter.authorization-grant-type=authorization_code
spring.security.oauth2.client.provider.twitter.token-uri=https://api.twitter.com/oauth/access_token
spring.security.oauth2.client.provider.twitter.authorization-uri=https://api.twitter.com/oauth/authorize

And after i call: http://127.0.0.1:8080/oauth2/authorization/twitter i see this:

Answer 1

• Your question is about using oauth2 client with Twitter and is not possible. Twitter does not support Oauth 2.0 flows involving user.

• It only supports the application only OAuth 2.0 Bearer Token :

  OAuth 2.0 Bearer Token is the application-only authentication method for authenticating with the Twitter API. As this method is specific to the application, it does not involve any users

  https://developer.twitter.com/en/docs/basics/authentication/oauth-2-0

• For flows involving end user, it uses Oauth 1.0a https://developer.twitter.com/en/docs/basics/authentication/oauth-1-0a

• As you can see in the diagram below, Oauth 1.0a flow, your application first needs to talk to Authorisation Server to get a request token and pass that token when redirecting the user to authorisation server. And it is the token, that twitter is complaining as missing because it is Oauth 1.0a. Ie you are doing step B without step A.

  

Diagram Reference

https://oauth.net/core/1.0/

Answer 2

Try to change the grant_type as client_credentials and/or changing the oauth token url to https://api.twitter.com/oauth2/token .

Additionally, there are some of the below sites which you can go through to interact with Twitter via Spring's social provider api.

https://docs.spring.io/spring-social-twitter/docs/current/reference/htmlsingle/

https://developer.twitter.com/en/docs/basics/authentication/api-reference/token