I am relatively new to Spring Configuration and I am trying to configure an oauth2client and authenticate it through my external identity provider, OpenID Connect. I am applying the authorization code grant flow.
When the user first accesses the server, like localhost:8080, I have an OpenIDConnectAuthenticationFilter bean that redirects to my authentication portal from the IDP:
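    import java.io.IOException;
    import java.util.ArrayList;
    import java.util.HashMap;
    import java.util.List;
    import java.util.Map;
    import javax.annotation.Resource;
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.beans.factory.annotation.Value;
    import org.springframework.http.ResponseEntity;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.core.AuthenticationException;
    import org.springframework.security.oauth2.client.OAuth2RestOperations;
    import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
    import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;

    public class OpenIDConnectAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
        @Value("${my.oauth2.clientId}")
        private String clientId;
        @Value("${my.oauth2.clientSecret}")
        private String clientSecret;
        @Value("${my.oauth2.userinfolink}")
        private String userinfolink;
        @Resource
        private OAuth2RestOperations restTemplate;
        @Autowired
        private MyAuthorityMapper appAuthorityMapper;

        protected OpenIDConnectAuthenticationFilter(String defaultFilterProcessesUrl) {
            super(defaultFilterProcessesUrl);
            System.out.println("defaultFilterProcessesUrl :" + defaultFilterProcessesUrl);
            setAuthenticationManager(authentication -> authentication); // AbstractAuthenticationProcessingFilter requires an authentication manager.
        }

        @Override
        public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException, ServletException {
            // Debug output: shows whether the filter is reached and with which request parameters.
            System.out.println("attemptAuthentication ");
            System.out.println(request.getParameterMap());
            // The map is passed to getForEntity as URI template variables, so the values
            // are only used if userinfolink contains {client_id} / {client_secret} placeholders.
            Map<String, String> form = new HashMap<String, String>();
            form.put("client_id", clientId);
            form.put("client_secret", clientSecret);
            // Fetch the user info from the IDP through the OAuth2-aware rest template.
            ResponseEntity<MyUserInfo> userInfoResponseEntity = restTemplate.getForEntity(userinfolink, MyUserInfo.class, form);
            MyUserInfo myUserInfo = userInfoResponseEntity.getBody();
            List userGroupList = new ArrayList();
            // empty() comes from a static import that is not shown in the post.
            return new PreAuthenticatedAuthenticationToken(myUserInfo, empty(), this.appAuthorityMapper.mapAuthorities(userGroupList));
        }
    }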
And my Oauth2Client is:
However, my login process gets stopped when I want to exchange the code grant against a token. It seems that the /callback functionality is not being executed and the authentication function implemented above is never entered.
Thanks.