java - Spring Boot 2 + OAuth2 : Configure Exchange of Auth Code for Token

我已经关注了这个Spring Boot OAuth2有关配置 OAuth2 客户端的教程。不幸的是，一旦“用户”通过 Idp (Okta) 进行身份验证，就会发生带有“代码”的重定向，从而导致重定向循环:/login ->/authorize... ->/login... ->/登录

Firefox 检测到服务器正在以永远无法完成的方式重定向对此地址的请求。

有谁知道是什么问题或可能是什么问题以及如何解决它？详细信息如下。

Okta 配置:

Login redirect URIs: http://localhost:8080/auth/login

Logout redirect URIs: http://localhost:8080/auth/logout

Login initiated by: App only

Initiate login URI: http://localhost:8080/auth/login

配置属性是:

okta:
  oauth2:
    client:
      client-id: clientId
      client-secret: clientSecret
      scope: openid profile email
      client-authentication-scheme: form
      access-token-uri: https://mydomain.oktapreview.com/oauth2/myapp/v1/token
      user-authorization-uri: https://mydomain.oktapreview.com/oauth2/myapp/v1/authorize
    resource:
      user-info-uri: https://mydomain.oktapreview.com/oauth2/myapp/v1/userinfo

过滤器是:

  private Filter filter() {
    OAuth2ClientAuthenticationProcessingFilter filter = new OAuth2ClientAuthenticationProcessingFilter(
        "/login");
    OAuth2RestTemplate restTemplate = new OAuth2RestTemplate(oktaClient(), oauth2ClientContext);
    filter.setRestTemplate(restTemplate);
    UserInfoTokenServices tokenServices = new UserInfoTokenServices(oktaResource().getUserInfoUri(),
        oktaClient().getClientId());
    tokenServices.setRestTemplate(restTemplate);
    filter.setTokenServices(tokenServices);

    return filter;
  }

WebSecurityConfigurerAdapter 配置为:

  @Configuration
  @EnableOAuth2Client
  public class WebSecConfig extends WebSecurityConfigurerAdapter {
  ....
  @Override
  public void configure(HttpSecurity http) throws Exception {
    http.antMatcher("/**").authorizeRequests()
        .antMatchers("/", "/login**", "/logout**", "/v2/api-docs", "/configuration/ui",
            "/configuration/security", "/swagger-resources/**", "/swagger-ui.html", "/webjars/**")
        .permitAll()
        .anyRequest().authenticated().and().exceptionHandling()
        .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login")).and().csrf()
        .csrfTokenRepository(
            CookieCsrfTokenRepository.withHttpOnlyFalse()).and().addFilterBefore(filter(),
        BasicAuthenticationFilter.class);
  }
  ....
  }

更新: 解决方案是将 LoginUrlAuthenticationEntryPoint("/login") 更改为 LoginUrlAuthenticationEntryPoint("/") 并重新创建授权服务器。

最佳答案

您应该使用默认授权服务器或您创建的服务器。如果您使用默认值，它应该类似于:

https://mydomain.oktapreview.com/oauth2/default

关于java - Spring Boot 2 + OAuth2 : Configure Exchange of Auth Code for Token，我们在Stack Overflow上找到一个类似的问题： https://stackoverflow.com/questions/49313531/

java - Spring Boot 2 + OAuth2 : Configure Exchange of Auth Code for Token

上一篇：java - 单击按钮时如何将多个复选框值发送到 Firebase 数据库 Android

下一篇：java - 无法运行 Spring Boot 应用程序，出现 OptimisticLockException