1

I followed this guide and cloned the authserver. The project has an authserver and a client (as a test). The example works fine, but if I remove the context-path property (I just want my app to work on /), it fails after the redirect back to the client. Example:

  1. Go to the client (localhost:9999);
  2. Redirected to the authserver (localhost:8080);
  3. Login through GitHub;
  4. Redirected to the authserver and immediately to the client with the following URL:

http://localhost:9999/login?code=dqoxz4&state=79qtJ5

The Whitelabel error page responds:

There was an unexpected error (type=Unauthorized, status=401).
Authentication Failed: Could not obtain access token

As I mentioned above, it fails only if context-path is / (or removed altogether). Otherwise, everything works.

Boris

2 Answers

3

From your link:

The context path has to be explicit if you are running both the client and the auth server on localhost, otherwise the cookie paths clash and the two apps cannot agree on a session identifier.

We successfully run an app on / and the AuthServer on /uaa. Try setting context-path on your AuthServer. Look at the cookies from your app and your AuthServer: they should not have the same path.

EDIT:

Different domains should be fine. They don't share cookies. On the same host, like localhost, you must use a context path, because cookies are not port-specific. See: https://stackoverflow.com/a/16328399/926620

Alternatively, you can put domains in /etc/hosts (Linux) or c:\windows\system32\drivers\etc\hosts. Just add a line like:

127.0.0.1 website authserver

And then you can use http://website:9999 and http://authserver:8080 on same machine for development.

Or you can also set different cookie names for the two apps. See http://docs.spring.io/spring-boot/docs/current/reference/html/common-application-properties.html:

# authserver application.properties
server.session.cookie.name=auth

# client application.properties
server.session.cookie.name=web
Anton Bessonov
  • I would like to host the auth server on another domain. By the way, I have two `JSESSIONID` cookies on the client. Will it work if I try to access the auth server with a local IP? – Boris Nov 26 '16 at 08:25
  • Thanks! The solution with `hosts` is awesome! – Boris Nov 29 '16 at 07:17
  • The different names for server and client cookies did the trick for me. +1 – THelper Apr 12 '17 at 13:35
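The mechanism behind this answer, as an added illustration that is not part of the question or either answer: a minimal model of a browser cookie jar following RFC 6265 (host-only cookies, path matching, no port in the scope), run through the four-step flow from the question. It shows all three remedies side by side: a context path on the authserver, distinct cookie names, and separate hostnames from the hosts file. The cookie values `client`/`auth`, the `/login` path and the `WEBSESSION`/`AUTHSESSION` names are constructed for the example; `/uaa`, `website` and `authserver` are the values used in the answer above.

```python
from dataclasses import dataclass


@dataclass
class Cookie:
    name: str
    value: str
    domain: str   # host that set it (host-only cookie; no Domain attribute)
    path: str


def default_path(request_path: str) -> str:
    """RFC 6265 5.1.4: the path a cookie gets when Set-Cookie has no Path attribute."""
    if not request_path.startswith("/") or request_path.count("/") == 1:
        return "/"
    return request_path.rsplit("/", 1)[0]


def path_matches(request_path: str, cookie_path: str) -> bool:
    """RFC 6265 5.1.4 path-match: equal, or a prefix that ends on a '/' boundary."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


class BrowserJar:
    """Minimal browser cookie jar: host-only cookies, no expiry, and, as in real
    browsers, the port is not part of the cookie's scope."""

    def __init__(self):
        self.cookies = []

    def store(self, host: str, request_path: str, set_cookie: str) -> None:
        name_value, *attrs = [p.strip() for p in set_cookie.split(";")]
        name, value = name_value.split("=", 1)
        path = default_path(request_path)
        for attr in attrs:
            key, _, val = attr.partition("=")
            if key.lower() == "path" and val.startswith("/"):
                path = val
        new = Cookie(name, value, host, path)
        # RFC 6265 5.3 step 11: same name + domain + path replaces the stored cookie
        self.cookies = [c for c in self.cookies
                        if (c.name, c.domain, c.path) != (new.name, new.domain, new.path)]
        self.cookies.append(new)

    def cookie_header(self, host: str, request_path: str) -> str:
        """Cookie header for a request to host/request_path. Longer paths come first
        (RFC 6265 5.4 step 2), so an app under /uaa sees its own JSESSIONID before
        the one scoped to /."""
        matching = [c for c in self.cookies
                    if c.domain == host and path_matches(request_path, c.path)]
        matching.sort(key=lambda c: len(c.path), reverse=True)
        return "; ".join(f"{c.name}={c.value}" for c in matching)


def login_flow(client_set_cookie: str, auth_set_cookie: str, auth_login_path: str,
               client_host: str = "localhost", auth_host: str = "localhost") -> dict:
    """Steps 1-4 from the question; returns the Cookie header each app receives
    after the redirect back to the client."""
    jar = BrowserJar()
    # 1. client (port 9999) starts a session and stores the OAuth2 'state' in it
    jar.store(client_host, "/", client_set_cookie)
    # 2-3. authserver (port 8080) creates its own session during the GitHub login
    jar.store(auth_host, auth_login_path, auth_set_cookie)
    # 4. browser follows the redirect to /login?code=...&state=... on the client
    return {
        "client": jar.cookie_header(client_host, "/login"),
        "authserver": jar.cookie_header(auth_host, auth_login_path),
    }


if __name__ == "__main__":
    # constructed cookie values; a real JSESSIONID is an opaque random id
    print("both on /   :", login_flow("JSESSIONID=client", "JSESSIONID=auth", "/login"))
    print("auth on /uaa:", login_flow("JSESSIONID=client", "JSESSIONID=auth; Path=/uaa", "/uaa/login"))
    print("own names   :", login_flow("WEBSESSION=client", "AUTHSESSION=auth", "/login"))
    print("hosts file  :", login_flow("JSESSIONID=client", "JSESSIONID=auth", "/login",
                                      client_host="website", auth_host="authserver"))
```

In the first run both apps set JSESSIONID for host localhost with path /, so the authserver's Set-Cookie silently replaces the client's session cookie; when the browser comes back to /login?code=...&state=... the client gets a session it has never seen, cannot find the state it stored, and the token exchange fails with the 401 from the question. With Path=/uaa the client keeps its own cookie, and the authserver receives both JSESSIONID values with its own first, which is the "two JSESSIONID" observation in the comments and why the /uaa app still works. Distinct cookie names or distinct hostnames avoid the replacement altogether.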
0

You can set the redirect URI in your client application:

security:
  oauth2:
    client:
      client-id: acme
      client-secret: acmesecret
      access-token-uri: http://localhost:8080/oauth/token
      user-authorization-uri: http://localhost:8080/oauth/authorize
      pre-established-redirect-uri: http://localhost:9999/client

and you can set it on the OAuth2 server while registering the clients.

But I think it returns to your ROOT context path. Something like it does not have enough permission on the root path, or another application uses this context path...

Pasha