1

I am trying use spirng-oauth2-client to connect my project with a third-party authentication server (following this instruction), ans right now when I run the application, after the authorization step, I am redirect back for my application, and a page with this error is displayed:

[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: 406 Not Acceptable: [Media is not supported]

In the comments for an answer in another Stack Overflow post, someone suggested that this is happening because "Spring makes the POST for the authenntication code with FORM parameters, whereas mercadolibre expects no body, only query parameters".

I have this configuration right now:

application.properties

spring.security.oauth2.client.registration.mercadolivre.provider=mercadolivre
spring.security.oauth2.client.registration.mercadolivre.client-id=...
spring.security.oauth2.client.registration.mercadolivre.client-secret=...
spring.security.oauth2.client.registration.mercadolivre.authorization-grant-type=authorization_code
spring.security.oauth2.client.registration.mercadolivre.redirect-uri={baseUrl}/login/oauth2/code/{registrationId}
spring.security.oauth2.client.provider.mercadolivre.authorization-uri=https://auth.mercadolivre.com.br/authorization
spring.security.oauth2.client.provider.mercadolivre.token-uri=https://api.mercadolibre.com/oauth/token

security.java

@Configuration
public class Security extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
         .anyRequest().authenticated()
         .and()
         .oauth2Login()
          .defaultSuccessUrl("/");
    }
}

Anyone knows how to change the Spring behavior to match th required for the service? I mean, making the POST for the authenntication code with no body, only query parameters?

Kleber Mota
  • 8,521
  • 31
  • 94
  • 188
  • Did you try to see what is the acceptable content type is in your redirected endpoint? Maybe you must specify the Accept: application/json or whathever the request send as data type. – Guilherme Melo Apr 15 '20 at 18:09
  • where I specify that? – Kleber Mota Apr 15 '20 at 20:43
  • 1
    Your page seems to be the default oauth output from spring itself it means there is no configurations has been done to show the another page after successful authentication. Have you checked this answer https://stackoverflow.com/a/49675748/415749 – Sariq Shaikh Apr 16 '20 at 13:55
  • I've tried this, but still got the same problem. – Kleber Mota Apr 16 '20 at 17:47
  • Can you please post response header of the 3,4,5 requests shown here https://i.stack.imgur.com/3lIyy.png the service you are using mercadolivre thats too special to try from our side. – Sariq Shaikh Apr 19 '20 at 19:32
  • 3: https://imgur.com/a/HJRC6By, 4: https://imgur.com/a/csyMfYW, 5: https://imgur.com/a/ESImaBI – Kleber Mota Apr 19 '20 at 19:41

3 Answers3

1

For me the error was [invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: 401 Unauthorized

The issue was an expired/outdated Client Id and Secret. (I used the Client Id and Secret before and it worked)

kid.boghy
  • 11
  • 1
  • This is a different error than in the question, so I believe you are not answering the given question, which answers are for. – Ruli Sep 20 '21 at 07:57
  • This was the first link when i searched for my error, so maybe this helps someone. – kid.boghy Sep 21 '21 at 06:24
0

This error relates to the response you get from the authentication server, either during client authentication or during fetching of the user-info. We can force the method for both requests to be BASIC instead of POST with these properties

spring.security.oauth2.client.registration.mercadolivre.client-authentication-method=BASIC
spring.security.oauth2.client.provider.mercadolivre.user-info-authentication-method=BASIC
Ahmed Sayed
  • 1,429
  • 12
  • 12
  • Still not working for me. Posted question here - https://stackoverflow.com/questions/67571950/an-error-occurred-while-attempting-to-retrieve-the-oauth-2-0-access-token-respon – PAA May 17 '21 at 14:57
-1

In you controller tha you is redirected for, try to put consumes Json like this:

@GetMapping(value = "", consumes = MediaType.APPLICATION_JSON_VALUE)
public String indexPage() {
    .
    .
}

Or MediaType.ALL_VALUE

Guilherme Melo
  • 209
  • 3
  • 13
  • This response is not coming from the server, it's coming from the authentication provider `mercadolivre.com`, this is why this configuration is irrelevant. – Ahmed Sayed Apr 21 '20 at 16:13