2

I have added Azure AD as an authentication server but it is showing me the following error

[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: 401 Unauthorized: [no body]

  • Springboot: 2.5.8
  • Azure version: 3.10.0

my application.properties:

 spring.security.oauth2.client.registration.azure-client.provider=azure-ad
 spring.security.oauth2.client.registration.azure-client.client-id=<Client_id>
 spring.security.oauth2.client.registration.azure-client.client-secret=<Client_secret>
 spring.security.oauth2.client.registration.azure-client.authorization-grant-type=authorization_code
 spring.security.oauth2.client.registration.azure-client.redirect-uri={baseUrl}/login/oauth2/code/{registrationId}
 spring.security.oauth2.client.registration.azure-client.scope=openid, profile
 spring.security.oauth2.client.registration.azure-client.client-authentication-method=post
 spring.security.oauth2.client.provider.azure-ad.authorization-uri=https://login.microsoftonline.com/common/oauth2/v2.0/authorize
 spring.security.oauth2.client.provider.azure-ad.token-uri=https://login.microsoftonline.com/common/oauth2/v2.0/token
 spring.security.oauth2.client.provider.azure-ad.jwk-set-uri=https://login.microsoftonline.com/common/discovery/v2.0/keys
 spring.security.oauth2.client.provider.azure-ad.user-name-attribute=name
 server.forward-headers-strategy=native
 logging.level.org.springframework.security=DEBUG

And SecurityConfig class:

 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

 @Configuration
 @EnableWebSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
     @Override
     protected void configure( HttpSecurity http ) throws Exception {
         http.authorizeRequests()
                 // the authorization-request and redirect (callback) endpoints must stay reachable
                 .antMatchers( "/oauth2/**", "/login/**" ).permitAll()
                 .anyRequest().authenticated()
                 .and()
                 // OAuth 2.0 / OIDC login against the registration(s) in application.properties
                 .oauth2Login()
                 .defaultSuccessUrl( "/home" );
     }
 }

And Controller:

 import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;

 @RestController
 public class HomeController {

     // reads the "name" claim from the authenticated OIDC user's claims
     @GetMapping( "home" )
     public String home( @AuthenticationPrincipal(expression = "claims['name']") String name ) {
         return String.format( "Hello %s!  welcome to the Security app", name);
     }
 }
James Z
Naresh Pawar

2 Answers

5

On workaround

Solution 1: Make sure you have entered the correct TenantID, ApplicationID and Application_Secret, and the Group name in the application.properties file, and also that the scopes your app is requesting have been configured (if admin consent is required, please grant it) in the Azure Portal.

Solution 2: Try changing the Azure endpoints from v2 to v1. This is done by changing the endpoints, e.g. http://login.microsoft.com/common/oauth2/v2.0/authorize becomes http://login.microsoft.com/common/oauth2/authorize as indicated in the v1 & v2 comparison.

For more information about v1 refer to this document.

For more details refer to this SO thread:

ShrutiJoshi-MT
    Thanks for the reply, the actual issue is I had added the wrong client secret, and after adding the correct secret it is working perfectly. – Naresh Pawar Dec 29 '21 at 05:20
5

I got the same error invalid_token_response while updating to Spring Boot 3 and Spring Security 6. The solution is to correct the property

spring.security.oauth2.client.registration.<id>.client-authentication-method and set it to client_secret_post instead of post.

post does not exist (any more). Compare to https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/oauth2/core/ClientAuthenticationMethod.html#CLIENT_SECRET_POST

Matthias Wiedemann
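The three misconfigurations this thread ends up with (a client secret that was never filled in, the pre-5.5 method name "post" that Spring Security 6 no longer accepts, and v1/v2 Azure AD endpoints mixed in one provider) can all be caught offline before the first 401 from the token endpoint. The checker below is an added example, not code from either answer, from Spring Security or from the Azure SDK; it only assumes the property names used in the question, and the two sample property sets it parses are constructed for the example. The plaintext-http check is my own addition: with client_secret_post or client_secret_basic the secret travels in the token request, so an http:// token-uri would leak it.

```python
"""Offline sanity checks for a Spring Security OAuth2 client registration
pointed at Azure AD. Added example; not part of the thread or of Spring."""
import re

# Values accepted by org.springframework.security.oauth2.core.ClientAuthenticationMethod
# in Spring Security 6; "post" and "basic" were deprecated in 5.5 and removed in 6.0.
VALID_AUTH_METHODS = {"client_secret_basic", "client_secret_post",
                      "client_secret_jwt", "private_key_jwt", "none"}
RENAMED_AUTH_METHODS = {"post": "client_secret_post", "basic": "client_secret_basic"}

# Unfilled template values such as <Client_secret>, ${CLIENT_SECRET} without a default, or empty.
PLACEHOLDER = re.compile(r"^(<[^>]*>|\$\{[^}:]*\}|)$")


def parse_properties(text):
    """Minimal .properties reader: one key=value per line, '#'/'!' comments, trimmed."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def endpoint_version(url):
    """Classify an Azure AD authorize/token URL as v1.0 or v2.0 by its path."""
    if "/oauth2/v2.0/" in url:
        return "v2.0"
    if "/oauth2/" in url:
        return "v1.0"
    return "unknown"


def lint_registration(props, registration):
    """Return a list of (code, message) findings for one client registration."""
    reg = f"spring.security.oauth2.client.registration.{registration}."
    findings = []

    method = props.get(reg + "client-authentication-method")
    if method in RENAMED_AUTH_METHODS:
        findings.append(("AUTH_METHOD_RENAMED",
                         f"'{method}' is rejected by Spring Security 6; use '{RENAMED_AUTH_METHODS[method]}'"))
    elif method is not None and method not in VALID_AUTH_METHODS:
        findings.append(("AUTH_METHOD_UNKNOWN", f"unknown client-authentication-method '{method}'"))

    # With a secret-based method (Spring's default is client_secret_basic when unset),
    # an unfilled or wrong secret is what the question's 401 turned out to be.
    if method not in ("none", "private_key_jwt"):
        if PLACEHOLDER.match(props.get(reg + "client-secret", "")):
            findings.append(("SECRET_PLACEHOLDER", "client-secret is empty or still a placeholder"))
    if PLACEHOLDER.match(props.get(reg + "client-id", "")):
        findings.append(("CLIENT_ID_PLACEHOLDER", "client-id is empty or still a placeholder"))

    provider = props.get(reg + "provider")
    if provider:
        prov = f"spring.security.oauth2.client.provider.{provider}."
        uris = {name: props.get(prov + name, "")
                for name in ("authorization-uri", "token-uri", "jwk-set-uri")}
        # authorize and token endpoints must be the same Azure AD version (v1 or v2)
        versions = {endpoint_version(uris[n]) for n in ("authorization-uri", "token-uri") if uris[n]}
        if len(versions) > 1:
            findings.append(("ENDPOINT_VERSION_MISMATCH",
                             f"provider '{provider}' mixes endpoint versions {sorted(versions)}"))
        for name, uri in uris.items():
            if uri.startswith("http://"):
                findings.append(("PLAINTEXT_ENDPOINT", f"{name} uses http://; credentials would be sent unencrypted"))
    return findings


# Constructed sample modelled on the question: placeholder secret, old method name,
# and a v1 token endpoint over plain http next to a v2.0 authorize endpoint.
SAMPLE_BROKEN = """
spring.security.oauth2.client.registration.azure-client.provider=azure-ad
spring.security.oauth2.client.registration.azure-client.client-id=00000000-0000-0000-0000-000000000000
spring.security.oauth2.client.registration.azure-client.client-secret=<Client_secret>
spring.security.oauth2.client.registration.azure-client.authorization-grant-type=authorization_code
spring.security.oauth2.client.registration.azure-client.scope=openid, profile
spring.security.oauth2.client.registration.azure-client.client-authentication-method=post
spring.security.oauth2.client.provider.azure-ad.authorization-uri=https://login.microsoftonline.com/common/oauth2/v2.0/authorize
spring.security.oauth2.client.provider.azure-ad.token-uri=http://login.microsoftonline.com/common/oauth2/token
spring.security.oauth2.client.provider.azure-ad.jwk-set-uri=https://login.microsoftonline.com/common/discovery/v2.0/keys
"""

# Same registration with the corrections from the two answers applied (secret value is constructed).
SAMPLE_FIXED = SAMPLE_BROKEN.replace("<Client_secret>", "constructed-not-a-real-secret") \
    .replace("method=post", "method=client_secret_post") \
    .replace("http://login.microsoftonline.com/common/oauth2/token",
             "https://login.microsoftonline.com/common/oauth2/v2.0/token")

if __name__ == "__main__":
    for label, text in (("broken", SAMPLE_BROKEN), ("fixed", SAMPLE_FIXED)):
        for code, message in lint_registration(parse_properties(text), "azure-client") or [("OK", "no findings")]:
            print(f"{label}: {code}: {message}")
```

Run it as a pre-deploy check over the real application.properties (pass the file contents to parse_properties and the registration id to lint_registration). It cannot tell a wrong secret from a right one, which is what the question actually suffered from; it only catches the cases that never needed a round trip to Azure to diagnose.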