首页 文章

Spring Boot 2 OAuth2:为令牌配置Auth代码交换

提问于
浏览
0

我已经按照这个Spring Boot OAuth2教程来配置OAuth2客户端 . 不幸的是,一旦使用Idp(Okta)进行身份验证,就会发生一个带有"code"的重定向,导致重定向循环: /login -> /authorize... -> /login... -> /login

Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

有谁知道问题是什么或可能是什么以及如何解决?细节如下 .

Okta配置:

登录重定向URI:http:// localhost:8080 / auth / login注销重定向URI:http:// localhost:8080 / auth / logout登录发起者:仅限应用程序启动登录URI:http:// localhost:8080 / auth /登录

配置属性是:

okta:
  oauth2:
    client:
      client-id: clientId
      client-secret: clientSecret
      scope: openid profile email
      client-authentication-scheme: form
      access-token-uri: https://mydomain.oktapreview.com/oauth2/myapp/v1/token
      user-authorization-uri: https://mydomain.oktapreview.com/oauth2/myapp/v1/authorize
    resource:
      user-info-uri: https://mydomain.oktapreview.com/oauth2/myapp/v1/userinfo

过滤器是:

private Filter filter() {
    OAuth2ClientAuthenticationProcessingFilter filter = new OAuth2ClientAuthenticationProcessingFilter(
        "/login");
    OAuth2RestTemplate restTemplate = new OAuth2RestTemplate(oktaClient(), oauth2ClientContext);
    filter.setRestTemplate(restTemplate);
    UserInfoTokenServices tokenServices = new UserInfoTokenServices(oktaResource().getUserInfoUri(),
        oktaClient().getClientId());
    tokenServices.setRestTemplate(restTemplate);
    filter.setTokenServices(tokenServices);

    return filter;
  }

WebSecurityConfigurerAdapter配置为:

@Configuration
  @EnableOAuth2Client
  public class WebSecConfig extends WebSecurityConfigurerAdapter {
  ....
  @Override
  public void configure(HttpSecurity http) throws Exception {
    http.antMatcher("/**").authorizeRequests()
        .antMatchers("/", "/login**", "/logout**", "/v2/api-docs", "/configuration/ui",
            "/configuration/security", "/swagger-resources/**", "/swagger-ui.html", "/webjars/**")
        .permitAll()
        .anyRequest().authenticated().and().exceptionHandling()
        .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login")).and().csrf()
        .csrfTokenRepository(
            CookieCsrfTokenRepository.withHttpOnlyFalse()).and().addFilterBefore(filter(),
        BasicAuthenticationFilter.class);
  }
  ....
  }

Update: 解决方案是将 LoginUrlAuthenticationEntryPoint("/login") 更改为 LoginUrlAuthenticationEntryPoint("/") 并重新创建授权服务器 .

java spring-boot spring-security spring-security-oauth2 okta

1 回答

  • 1

    您应该使用默认授权服务器或您创建的服务器 . 如果使用默认值,它应该类似于:

    https://mydomain.oktapreview.com/oauth2/default
    回复于

相关问题