
Spring Boot & OAuth2.0: At least one redirect_uri must be registered with the client

So I log in to an app and go to an external feature, which demands another login (all within the app). Now it has become impossible to log into that external feature, as it throws an error (code 400):

OAuth Error. error="invalid_request", error_description="At least one redirect_uri must be registered with the client."

This error is thrown whenever I'm using the app or try to login to the external feature directly.

I had upgraded Spring Boot in a project from 1.4.1 to 1.5.22, which may have caused this. After downgrading Spring Boot back to 1.4.1, the problem was gone.

Then I tried updating Spring Boot to 1.5.22 again and additionally included this in application.configuration:

security.oauth2.client.pre-established-redirect-uri=https://page.com
security.oauth2.client.registered-redirect-uri=https://page.com
security.oauth2.client.use-current-uri=false

It didn't help. Then, in the browser's Network tab, I noticed a redirect_url parameter in the Query String Parameters, which differed from the one I specified. It was something like:

https://page.com/oauth-authorized/app

I updated application.configuration as above. However, nothing has changed.

How to proceed?

Some code:


public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

  @Autowired
  @Qualifier("authenticationManagerBean")
  private AuthenticationManager authenticationManager;

  @Autowired
  private TokenStore tokenStore;

  @Autowired
  @Qualifier("clientDetailsServiceImpl")
  private ClientDetailsService clientDetailsService;

  @Autowired
  private DefaultTokenServices tokenServices;

  @Autowired
  private TokenEnhancer tokenEnhancer;

  @Override
  public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
    endpoints.setClientDetailsService(clientDetailsService);
    endpoints
        .tokenStore(tokenStore)
        .authenticationManager(authenticationManager)
        .tokenServices(tokenServices)
        .tokenEnhancer(tokenEnhancer)
        .pathMapping("/oauth/token", "/api/oauth/token")
        .pathMapping("/oauth/check_token", "/api/oauth/check_token")
        .pathMapping("/oauth/authorize", "/api/oauth/authorize")
        .pathMapping("/oauth/error", "/api/oauth/error");
  }

  @Override
  public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
    oauthServer.checkTokenAccess("permitAll()");
  }

  @Override
  public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
    clients.withClientDetails(clientDetailsService);
  }
}
=================================================================================================

@Service
@Primary
public class ClientDetailsServiceImpl implements ClientDetailsService {

  @Autowired
  private ClientRepository clientRepository;

  @Override
  public ClientDetails loadClientByClientId(String clientId) throws ClientRegistrationException {
    Client client = clientRepository.findOneByClientId(clientId)
        .orElseThrow(() -> new NoSuchClientException(
            String.format("Client with clientId=%s was not found", clientId)));

    return new com.app.auth.domain.ClientDetails(client);
  }

}

Edit: After downgrading Spring Boot once again the problem seems gone but it's not much of a fix.

After authentication, you may need to contact the resource owner and ask for support and then redirect to your client application, or you may redirect to the client application directly. For that, add redirectUris in your authorization server config:

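import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // Register the client together with the redirect URI it is allowed to use.
        clients.inMemory().withClient("client_id").secret("client_secret").authorizedGrantTypes("authorization_code")
            .scopes("read").authorities("CLIENT").redirectUris("http://localhost:8090/your_redirect_URL");
    }
}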
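
Added example (not part of the question or the answer above): the question's server calls clients.withClientDetails(clientDetailsService), so the registered redirect URIs are whatever the ClientDetails returned by that service reports. This sketch builds a spring-security-oauth2 BaseClientDetails from a stored record and rejects redirect-based clients that have no URI registered. ClientRecord, ClientLookup and their getters are hypothetical stand-ins for the question's Client entity and ClientRepository.

```java
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.ClientRegistrationException;
import org.springframework.security.oauth2.provider.NoSuchClientException;
import org.springframework.security.oauth2.provider.client.BaseClientDetails;

import java.util.Set;

// Added example: ClientRecord and ClientLookup are hypothetical stand-ins for
// the question's Client entity and ClientRepository.
public class RedirectAwareClientDetailsService implements ClientDetailsService {

  public interface ClientRecord {
    String getClientId();
    String getSecret();
    String getScopes();        // comma-separated, e.g. "read,write"
    String getGrantTypes();    // comma-separated, e.g. "authorization_code"
    String getRedirectUris();  // comma-separated full callback URLs
  }

  public interface ClientLookup { ClientRecord find(String clientId); } // null when unknown

  private final ClientLookup lookup;

  public RedirectAwareClientDetailsService(ClientLookup lookup) {
    this.lookup = lookup;
  }

  @Override
  public ClientDetails loadClientByClientId(String clientId) throws ClientRegistrationException {
    ClientRecord record = lookup.find(clientId);
    if (record == null) {
      throw new NoSuchClientException("Client with clientId=" + clientId + " was not found");
    }
    // The sixth constructor argument becomes getRegisteredRedirectUri().
    BaseClientDetails details = new BaseClientDetails(record.getClientId(), null,
        record.getScopes(), record.getGrantTypes(), null, record.getRedirectUris());
    details.setClientSecret(record.getSecret());
    Set<String> grants = details.getAuthorizedGrantTypes();
    Set<String> uris = details.getRegisteredRedirectUri();
    boolean redirectFlow = grants.contains("authorization_code") || grants.contains("implicit");
    if (redirectFlow && (uris == null || uris.isEmpty())) {
      throw new ClientRegistrationException(
          "Client " + clientId + " uses a redirect-based grant but has no registered redirect URI");
    }
    return details;
  }
}
```

The stored value should be the full callback URL the client actually sends as redirect_uri (the question observed https://page.com/oauth-authorized/app in the browser), since that is the value the authorization server compares against the registration.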
