Exceptions should be handled correctly even if user info endpoint is misconfigured #13778
Comments
Hi, @wapkch. Unfortunately, I have not been able to reproduce the error. Can you provide a minimal, reproducible sample that has everything that we need to reproduce it? You can use the Spring Authorization Server and the Testcontainers support in Spring Boot to make it easier to run.
Hi, @marcusdacoregio Thanks for the reply. I have updated the demo. The issue can be reproduced by the following steps:
Hi, @wapkch. This has been resolved as part of spring-projects/spring-framework#31283, available in Spring Framework 6.0.13. Thank you.
Expected Behavior
When using Spring Security OAuth2 Client, even if we misconfigure the user info endpoint, which results in an OAuth2AuthenticationException, the exception should be processed instead of causing an internal error that results in HTTP status 500.
Current Behavior
When using Spring Security OAuth2 Client, if a wrong user info endpoint whose response contains the invalid content type 'text/html' is configured, an OAuth2AuthenticationException will be thrown while processing the OAuth callback request. If we use Spring Data session Redis at the same time, a SerializationException will be thrown:
I'm not sure what causes the OAuth2AuthenticationException to not be serializable; the OAuth2AuthenticationException looks like this:
Context
A sample to reproduce the issue can be found here: https://github.com/wapkch/spring-security-oauth2-client-demo
http://localhost:8081/
Then we can reproduce:
And the log:
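The failure mode described in this issue (an authentication exception that the session store cannot serialize, turning a handled OAuth2 error into an HTTP 500) can be reproduced in isolation with plain Java serialization. The following is an added illustration, not code from the issue, from Spring Security or from Spring Framework: the class names `UpstreamClientException`, `ResponseDescriptor`, `AuthException` and the helpers `serializationFailure` and `toSessionSafe` are hypothetical stand-ins, and the example does not claim to show the actual root cause that spring-projects/spring-framework#31283 fixed. It shows the general mechanism (a `Throwable` is `Serializable`, but a non-`Serializable` object anywhere in its cause chain makes the whole graph fail) and a defensive check plus sanitisation step an application can apply before an exception is written to an external session store.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectOutputStream;

// Added illustration (not Spring project code): why storing an exception in a
// Java-serialized session can fail, and how to check and sanitise it first.
public class ExceptionSerializationCheck {

    // Hypothetical, constructed stand-in for a non-Serializable object that a
    // client-side exception might carry (for example a parsed response descriptor).
    static final class ResponseDescriptor {
        final String contentType;
        ResponseDescriptor(String contentType) { this.contentType = contentType; }
    }

    // Hypothetical stand-in for the underlying client exception. Throwable itself is
    // Serializable, so the problem only surfaces when the object graph is written.
    static final class UpstreamClientException extends RuntimeException {
        private final ResponseDescriptor descriptor; // not Serializable
        UpstreamClientException(String message, ResponseDescriptor descriptor) {
            super(message);
            this.descriptor = descriptor;
        }
    }

    // Hypothetical stand-in for the authentication exception the framework stores.
    static final class AuthException extends RuntimeException {
        AuthException(String message, Throwable cause) { super(message, cause); }
    }

    // Dry-run Java serialization of the object graph. Returns null when the object
    // is safe to store, otherwise the IOException (typically NotSerializableException)
    // so the caller can decide what to store instead of failing the whole request.
    static IOException serializationFailure(Object candidate) {
        try (ByteArrayOutputStream bytes = new ByteArrayOutputStream();
             ObjectOutputStream out = new ObjectOutputStream(bytes)) {
            out.writeObject(candidate);
            return null;
        } catch (IOException e) {
            return e;
        }
    }

    // Mitigation: keep only content known to be Serializable (message, the cause's
    // class name and message, the stack trace) and drop the original cause object.
    static AuthException toSessionSafe(AuthException original) {
        Throwable cause = original.getCause();
        RuntimeException causeSummary = cause == null ? null
            : new RuntimeException(cause.getClass().getName() + ": " + cause.getMessage());
        AuthException safe = new AuthException(original.getMessage(), causeSummary);
        safe.setStackTrace(original.getStackTrace());
        return safe;
    }

    public static void main(String[] args) {
        // Constructed scenario mirroring the report: a user info response with an
        // unexpected content type, wrapped into an authentication exception.
        UpstreamClientException upstream = new UpstreamClientException(
            "unexpected content type", new ResponseDescriptor("text/html"));
        AuthException authException =
            new AuthException("[invalid_user_info_response] user info request failed", upstream);

        IOException failure = serializationFailure(authException);
        System.out.println("original exception: "
            + (failure == null ? "serializable" : "not serializable -> " + failure));

        AuthException safe = toSessionSafe(authException);
        System.out.println("sanitised exception: "
            + (serializationFailure(safe) == null ? "serializable" : "still not serializable"));
    }
}
```

Running `serializationFailure` before the exception reaches the session store is cheap and lets the application log the offending class name on the server side while still returning the intended error response to the user, rather than leaking the problem as an unhandled 500.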