
Spring Boot 2 + OAuth2: Configure Exchange of Auth Code for Token

I've followed this Spring Boot OAuth2 tutorial on configuring an OAuth2 client. Unfortunately, once a "user" authenticates with the IdP (Okta), a redirect with a "code" takes place that results in a redirect loop: /login -> /authorize... -> /login... -> /login

Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

Does anyone know what is or could be the issue and how to solve it? Details follow.

Okta configuration:

Login redirect URIs: http://localhost:8080/auth/login

Logout redirect URIs: http://localhost:8080/auth/logout

Login initiated by: App only

Initiate login URI: http://localhost:8080/auth/login

The configuration properties are:

okta:
  oauth2:
    client:
      client-id: clientId
      client-secret: clientSecret
      scope: openid profile email
      client-authentication-scheme: form
      access-token-uri: https://mydomain.oktapreview.com/oauth2/myapp/v1/token
      user-authorization-uri: https://mydomain.oktapreview.com/oauth2/myapp/v1/authorize
    resource:
      user-info-uri: https://mydomain.oktapreview.com/oauth2/myapp/v1/userinfo

The filter is:

  private Filter filter() {
    // Mounted on /login: without ?code= the OAuth2RestTemplate throws
    // UserRedirectRequiredException (redirect to Okta); with ?code=&state= it exchanges the code.
    OAuth2ClientAuthenticationProcessingFilter filter =
        new OAuth2ClientAuthenticationProcessingFilter("/login");
    // Performs the authorization-code grant with the okta.oauth2.client.* settings
    OAuth2RestTemplate restTemplate = new OAuth2RestTemplate(oktaClient(), oauth2ClientContext);
    filter.setRestTemplate(restTemplate);
    // Validates the access token by calling user-info-uri and builds the principal from the response
    UserInfoTokenServices tokenServices = new UserInfoTokenServices(oktaResource().getUserInfoUri(),
        oktaClient().getClientId());
    tokenServices.setRestTemplate(restTemplate);
    filter.setTokenServices(tokenServices);

    return filter;
  }

The WebSecurityConfigurerAdapter configure is:

  @Configuration
  @EnableOAuth2Client
  public class WebSecConfig extends WebSecurityConfigurerAdapter {
  ....
  @Override
  public void configure(HttpSecurity http) throws Exception {
    http.antMatcher("/**")
        .authorizeRequests()
            .antMatchers("/", "/login**", "/logout**", "/v2/api-docs", "/configuration/ui",
                "/configuration/security", "/swagger-resources/**", "/swagger-ui.html", "/webjars/**")
            .permitAll()
            .anyRequest().authenticated()
        .and()
        .exceptionHandling()
            // Entry point and the processing filter's URL are both "/login" here;
            // the update below changes the entry point to "/"
            .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login"))
        .and()
        .csrf()
            // XSRF-TOKEN cookie readable by JavaScript (for a browser client that echoes it back)
            .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
        .and()
        // SSO filter runs before basic auth so /login?code=... is consumed here
        .addFilterBefore(filter(), BasicAuthenticationFilter.class);
  }
  ....
  }

Update: the solution was to change LoginUrlAuthenticationEntryPoint("/login") to LoginUrlAuthenticationEntryPoint("/") and re-create the authorization server.

You should use the default authorization server, or one you created. If you use the default, it should look something like:

https://mydomain.oktapreview.com/oauth2/default
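A complete version of the configuration with the fix from the update applied, as an added example that is not the question's, the answer's or the tutorial's own code. It assumes Spring Boot 2 with spring-security-oauth2-autoconfigure on the classpath, the okta.oauth2.* properties shown in the question bound through @ConfigurationProperties, and a servlet context path of /auth (so that /login resolves to the registered redirect URI http://localhost:8080/auth/login). The package name, the method name ssoFilter(), the /?error failure URL and the filter order -100 are choices made for this example.

```java
package com.example.sso; // assumed package name for this example

import javax.servlet.Filter;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerProperties;
import org.springframework.boot.autoconfigure.security.oauth2.resource.UserInfoTokenServices;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter;
import org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;

@Configuration
@EnableOAuth2Client
public class WebSecConfig extends WebSecurityConfigurerAdapter {

  // Provided by @EnableOAuth2Client: per-session holder for the access token and
  // the "state" value used to correlate Okta's authorization response.
  @Autowired
  private OAuth2ClientContext oauth2ClientContext;

  // Bound from okta.oauth2.client.* (client-id, client-secret, scope, access-token-uri, ...)
  @Bean
  @ConfigurationProperties("okta.oauth2.client")
  public AuthorizationCodeResourceDetails oktaClient() {
    return new AuthorizationCodeResourceDetails();
  }

  // Bound from okta.oauth2.resource.* (user-info-uri)
  @Bean
  @ConfigurationProperties("okta.oauth2.resource")
  public ResourceServerProperties oktaResource() {
    return new ResourceServerProperties();
  }

  // OAuth2ClientContextFilter converts the UserRedirectRequiredException thrown by the
  // OAuth2RestTemplate into the browser redirect to Okta's /authorize endpoint. It has
  // to run ahead of the Spring Security filter chain, hence the low order (assumed value).
  @Bean
  public FilterRegistrationBean<OAuth2ClientContextFilter> oauth2ClientFilterRegistration(
      OAuth2ClientContextFilter filter) {
    FilterRegistrationBean<OAuth2ClientContextFilter> registration = new FilterRegistrationBean<>();
    registration.setFilter(filter);
    registration.setOrder(-100);
    return registration;
  }

  private Filter ssoFilter() {
    // /login is the processing URL only: no ?code= -> redirect to Okta;
    // ?code=&state= -> exchange the code for a token at access-token-uri.
    OAuth2ClientAuthenticationProcessingFilter filter =
        new OAuth2ClientAuthenticationProcessingFilter("/login");
    OAuth2RestTemplate restTemplate = new OAuth2RestTemplate(oktaClient(), oauth2ClientContext);
    filter.setRestTemplate(restTemplate);
    // The token is checked by calling user-info-uri with it; the principal comes from that response
    UserInfoTokenServices tokenServices =
        new UserInfoTokenServices(oktaResource().getUserInfoUri(), oktaClient().getClientId());
    tokenServices.setRestTemplate(restTemplate);
    filter.setTokenServices(tokenServices);
    // A failed code exchange or userinfo call lands on a permitted page with an error marker
    // instead of staying on /login, so the failure is visible rather than re-triggering SSO.
    filter.setAuthenticationFailureHandler(new SimpleUrlAuthenticationFailureHandler("/?error"));
    return filter;
  }

  @Override
  public void configure(HttpSecurity http) throws Exception {
    http.antMatcher("/**")
        .authorizeRequests()
            // Public API docs as in the question; drop these matchers if they should require login
            .antMatchers("/", "/login**", "/logout**", "/v2/api-docs", "/configuration/ui",
                "/configuration/security", "/swagger-resources/**", "/swagger-ui.html", "/webjars/**")
            .permitAll()
            .anyRequest().authenticated()
        .and()
        .exceptionHandling()
            // Entry point is "/" (the fix from the update), not "/login": unauthenticated
            // requests must not be bounced straight into the processing filter's own URL.
            .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/"))
        .and()
        .csrf()
            // withHttpOnlyFalse() exposes XSRF-TOKEN to page scripts; only needed for a JS client
            .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
        .and()
        .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
  }
}
```

With the default authorization server from the answer, the three URIs in the properties become https://mydomain.oktapreview.com/oauth2/default/v1/authorize, .../oauth2/default/v1/token and .../oauth2/default/v1/userinfo, and the access token issued there is accepted by that server's userinfo endpoint, which is what UserInfoTokenServices relies on to complete the login.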
