I am trying to implement Okta (custom-provider) OAuth2 SSO using Spring Security in my application. The application successfully prompts for the user login and authorises the user. My Spring Security config is given below. The problem here is that, except for the login and a few other URLs which are given permitAll(), all the protected pages are getting redirected to the 'redirect-uri' (which is the login URL) configured in the application.yml given below. I cannot understand why this happens, and I couldn't find any solution in the Okta documentation either. I don't see any error messages in the log. It's just that every time I try to access a secured or protected page, the redirect happens to http://localhost:8080/login, which is the redirect-uri, but I need the redirect to go to the corresponding page the user selected. Am I missing anything here?
SecurityConfiguration.java

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.antMatcher("/**").authorizeRequests()
                // Ant patterns match request paths on this server only; the two
                // absolute URLs below therefore never match any incoming request.
                .antMatchers("/", "/login**", "/vendor/**", "https://fonts.googleapis.com/**", "/css/**",
                        "https://www.thymeleaf.org", "/js/**").permitAll()
                // Every other request needs an authenticated session...
                .anyRequest().authenticated()
                .and()
                // ...which is obtained through the OAuth 2.0 / OIDC login flow.
                .oauth2Login();
    }
}
```
application.yml

```yaml
security:
  oauth2:
    client:
      registration:
        custom-client:
          client-id:
          client-secret:
          scope: ["openid", "profile", "email", "address", "phone", "groups"]
          provider: custom-provider
          state: xoxoxo
          redirect-uri: http://localhost:8080/login
          client-authentication-method: basic
          authorization-grant-type: authorization_code
          filter-order: 3
      provider:
        custom-provider:
          token-uri: https://did.oktapreview.com/oauth2/v1/token
          authorization-uri: https://did.oktapreview.com/oauth2/v1/authorize
          user-info-uri: https://did.oktapreview.com/oauth2/v1/authorize
          user-name-attribute: name
```
can someone
Yes, sure, there is a wrong thing:

```yaml
redirect-uri: http://localhost:8080/login
```

redirect-uri should be a link to the callback endpoint of your OAuth2.0 Client.

In terms of the Spring Security OAuth2.0 framework it should follow this pattern:

```yaml
redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"
```

where "baseUrl" is your URL (http://localhost) and "registrationId" is the registration name; in your case it is "custom-client".

Actually, you can specify, as the "redirect-uri" parameter, a pattern without a concrete registrationId and baseUrl, so your configuration should look like this:
```yaml
security:
  oauth2:
    client:
      registration:
        custom-client:
          client-id:
          client-secret:
          scope: ["openid", "profile", "email", "address", "phone", "groups"]
          provider: custom-provider
          state: xoxoxo
          redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"
          client-authentication-method: basic
          authorization-grant-type: authorization_code
          filter-order: 3
      provider:
        custom-provider:
          token-uri: https://did.oktapreview.com/oauth2/v1/token
          authorization-uri: https://did.oktapreview.com/oauth2/v1/authorize
          user-info-uri: https://did.oktapreview.com/oauth2/v1/authorize
          user-name-attribute: name
```
Also, pay attention to your credentials; they should be filled in.
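An added example, not part of the answer above or of Spring Security's own code: it mirrors how Spring Security 5 expands the redirect-uri template variables ({baseUrl}, {baseScheme}, {baseHost}, {basePort}, {basePath}, {registrationId}) and checks whether a configured redirect URI ever lands on the login filter's default callback path, which is why the question's http://localhost:8080/login keeps bouncing every protected request back to the authorization endpoint. The function names, the constructed request URL and the context path are assumptions.

```python
from urllib.parse import urlsplit

# Default processing path of Spring Security's OAuth2LoginAuthenticationFilter.
CALLBACK_PATTERN = "/login/oauth2/code/{registrationId}"
DEFAULT_PORTS = {"http": 80, "https": 443}


def expand_redirect_uri(template, request_url, context_path, registration_id):
    """Expand {baseUrl}, {baseScheme}, {baseHost}, {basePort}, {basePath} and
    {registrationId} as DefaultOAuth2AuthorizationRequestResolver does: query and
    fragment of the triggering request are dropped and its path is replaced by
    the servlet context path (the {action} variable is not modelled here)."""
    parts = urlsplit(request_url)
    scheme, host, port = parts.scheme, parts.hostname or "", parts.port
    # UrlUtils.buildFullRequestUrl omits the port when it is the scheme default.
    base_port = "" if port in (None, DEFAULT_PORTS.get(scheme)) else f":{port}"
    base_path = context_path if not context_path or context_path.startswith("/") else "/" + context_path
    variables = {
        "baseScheme": scheme,
        "baseHost": host,
        "basePort": base_port,
        "basePath": base_path,
        "baseUrl": f"{scheme}://{host}{base_port}{base_path}",
        "registrationId": registration_id,
    }
    for name, value in variables.items():
        template = template.replace("{" + name + "}", value)
    return template


def callback_is_reachable(redirect_uri, context_path, registration_id):
    """True if the provider's redirect to redirect_uri lands on the path the login
    filter processes for this registration. If it does not, the authorization
    code is never exchanged, the session stays anonymous and every protected
    request is sent back to the authorization endpoint: the loop in the question."""
    expected = context_path.rstrip("/") + CALLBACK_PATTERN.format(registrationId=registration_id)
    return urlsplit(redirect_uri).path == expected


if __name__ == "__main__":
    # Constructed values: the question's redirect-uri and a hypothetical request URL.
    bad = "http://localhost:8080/login"
    good = expand_redirect_uri("{baseUrl}/login/oauth2/code/{registrationId}",
                               "http://localhost:8080/secured/page?x=1", "", "custom-client")
    print(good)                                              # .../login/oauth2/code/custom-client
    print(callback_is_reachable(bad, "", "custom-client"))   # False
    print(callback_is_reachable(good, "", "custom-client"))  # True
```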