Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix Spring Security 5.1 Startup #1

Merged
merged 1 commit into from
Jul 18, 2018
Merged

Fix Spring Security 5.1 Startup #1

merged 1 commit into from
Jul 18, 2018

Conversation

rwinch
Copy link
Contributor

@rwinch rwinch commented Jul 18, 2018

No description provided.

@mraible
Copy link
Contributor

mraible commented Jul 18, 2018

Thanks, @rwinch! BTW, is there an easy way to get the "end_session_endpoint" value from https://dev-158606.oktapreview.com/oauth2/default/.well-known/openid-configuration? If so, I wouldn't need to manually construct the logout URI in UserController.

@mraible mraible merged commit ddcae3c into oktadev:spring-security-5.1 Jul 18, 2018
@rwinch
Copy link
Contributor Author

rwinch commented Jul 18, 2018

@mraible Not that the moment. Can you please create a ticket for that?

@mraible
Copy link
Contributor

mraible commented Jul 18, 2018

Ticket at spring-projects/spring-security#5540.

@rwinch This PR fixes startup, but I still get the following error when navigating to http://localhost:8080/login.

2018-07-18 13:24:05.271 ERROR 42575 --- [io-8080-exec-10] o.a.c.c.C.[.[.[/].[dispatcherServlet]    : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception

org.springframework.security.oauth2.client.resource.UserRedirectRequiredException: A redirect is required to get the users approval
        at org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider.getRedirectForAuthorization(AuthorizationCodeAccessTokenProvider.java:359) ~[spring-security-oauth2-2.2.1.RELEASE.jar:na]
        at org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider.obtainAccessToken(AuthorizationCodeAccessTokenProvider.java:205) ~[spring-security-oauth2-2.2.1.RELEASE.jar:na]
        at org.springframework.security.oauth2.client.OAuth2RestTemplate.acquireAccessToken(OAuth2RestTemplate.java:221) ~[spring-security-oauth2-2.2.1.RELEASE.jar:na]
        at org.springframework.security.oauth2.client.OAuth2RestTemplate.getAccessToken(OAuth2RestTemplate.java:173) ~[spring-security-oauth2-2.2.1.RELEASE.jar:na]
        at org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter.attemptAuthentication(OAuth2ClientAuthenticationProcessingFilter.java:105) ~[spring-security-oauth2-2.2.1.RELEASE.jar:na]
        at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212) ~[spring-security-web-5.1.0.BUILD-SNAPSHOT.jar:5.1.0.BUILD-SNAPSHOT]

@rwinch
Copy link
Contributor Author

rwinch commented Jul 18, 2018

@mraible Ok I will try and figure that out. I'm somewhat allergic to JavaScript, but perhaps that part won't bee to bad.

@mraible
Copy link
Contributor

mraible commented Jul 18, 2018

@rwinch There's no JavaScript involved. I expect it to redirect to Okta with my OIDC settings, just like it does when I use the OAuth 2.0 properties.

security:
  oauth2:
    client:
      access-token-uri: https://dev-158606.oktapreview.com/oauth2/default/v1/token
      user-authorization-uri: https://dev-158606.oktapreview.com/oauth2/default/v1/authorize
      client-id: XXX
      client-secret: YYY
      scope: openid email profile
    resource:
      user-info-uri: https://dev-158606.oktapreview.com/oauth2/default/v1/userinfo

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mraible mraible mraible approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@rwinch @mraible