Not able to connect Spring OAuth2 Authorization Server with Client

Hello,

I use Spring Boot 2.1.0.M4. I have an Authorization Server on port 9090 with the following configuration:

AuthorizationServerConfiguration

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

  private AuthenticationManager authenticationManager;

  public AuthorizationServerConfiguration(
      AuthenticationManager authenticationManager) {
    this.authenticationManager = authenticationManager;
  }

  @Override
  public void configure(AuthorizationServerSecurityConfigurer security) {
    security
        .tokenKeyAccess("isAuthenticated()");
  }

  @Override
  public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
    clients.inMemory()
        .withClient("account")
        .authorizedGrantTypes("authorization_code")
        .secret("{noop}secret")
        .scopes("all")
        .redirectUris("http://localhost:8080/login/oauth2/code/xyz")
        .autoApprove(true);
  }

  @Override
  public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
    endpoints
        .authenticationManager(authenticationManager)
        .tokenStore(tokenStore())
        .accessTokenConverter(accessTokenConverter());
  }

  @Bean
  public TokenStore tokenStore() {
    return new JwtTokenStore(accessTokenConverter());
  }

  /**
   * JWT converter.
   */
  @Bean
  public JwtAccessTokenConverter accessTokenConverter() {
    JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
    KeyStoreKeyFactory keyStoreKeyFactory =
        new KeyStoreKeyFactory(new ClassPathResource("keystore/xyz.jks"),
            "xyz".toCharArray());
    converter.setKeyPair(keyStoreKeyFactory.getKeyPair("xyz"));
    return converter;
  }

}

and a Client on 8080:

application.yml

spring:
  security:
    oauth2:
      client:
        registration:
          xyz:
            client-id: account
            client-secret: secret
            authorization-grant-type: authorization_code
            redirect-uri-template: '{baseUrl}/{action}/oauth2/code/{registrationId}'
            scope: all
            client-name: XYZ
            provider: xyz
            clientAuthenticationMethod: basic
        provider:
          xyz:
            authorization-uri: http://localhost:9090/oauth/authorize
            token-uri: http://localhost:9090/oauth/token

SecurityConfig

@EnableOAuth2Client
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
        .mvcMatchers("/", "/public/**").permitAll()
        .anyRequest().authenticated()
        .and()
        .oauth2Login()
        .and()
        .oauth2Client();
  }
}

Steps

  1. Go to the secure endpoint on the Client App: localhost:8080/secure
  2. Automatic redirect to the Auth Server: localhost:9090/login
  3. Enter the correct user and password
  4. Automatic redirect back to the Client App

Actual result: error [authorization_request_not_found]

Expected result: successful authentication and display of secured data

LOG

2018-10-12 16:53:12.120 DEBUG 12480 --- [nio-8080-exec-5] o.a.coyote.http11.Http11InputBuffer      : Received [GET /login/oauth2/code/xyz?code=czYYjf&state=0wPXmCCLltlGK4WjPf_LaDJXOqe5Ug6h4df-FYWlxYI%3D HTTP/1.1
Host: localhost:8080
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://localhost:9090/login
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,ro;q=0.8
Cookie: JSESSIONID=80347556D64E885D77DB7A3621C44113

]
2018-10-12 16:53:12.122 DEBUG 12480 --- [nio-8080-exec-5] o.a.t.util.http.Rfc6265CookieProcessor   : Cookies: Parsing b[]: JSESSIONID=80347556D64E885D77DB7A3621C44113
2018-10-12 16:53:12.122 DEBUG 12480 --- [nio-8080-exec-5] o.a.catalina.connector.CoyoteAdapter     :  Requested cookie session id is 80347556D64E885D77DB7A3621C44113
2018-10-12 16:53:12.122 DEBUG 12480 --- [nio-8080-exec-5] o.a.c.authenticator.AuthenticatorBase    : Security checking request GET /login/oauth2/code/xyz
2018-10-12 16:53:12.122 DEBUG 12480 --- [nio-8080-exec-5] org.apache.catalina.realm.RealmBase      :   No applicable constraints defined
2018-10-12 16:53:12.122 DEBUG 12480 --- [nio-8080-exec-5] o.a.c.authenticator.AuthenticatorBase    :  Not subject to any constraint
2018-10-12 16:53:12.123 DEBUG 12480 --- [nio-8080-exec-5] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped to ResourceHttpRequestHandler ["classpath:/META-INF/resources/", "classpath:/resources/", "classpath:/static/", "classpath:/public/", "/"]
2018-10-12 16:53:12.123 DEBUG 12480 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy        : /login/oauth2/code/xyz?code=czYYjf&state=0wPXmCCLltlGK4WjPf_LaDJXOqe5Ug6h4df-FYWlxYI%3D at position 1 of 17 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2018-10-12 16:53:12.123 DEBUG 12480 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy        : /login/oauth2/code/xyz?code=czYYjf&state=0wPXmCCLltlGK4WjPf_LaDJXOqe5Ug6h4df-FYWlxYI%3D at position 2 of 17 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2018-10-12 16:53:12.123 DEBUG 12480 --- [nio-8080-exec-5] w.c.HttpSessionSecurityContextRepository : No HttpSession currently exists
2018-10-12 16:53:12.124 DEBUG 12480 --- [nio-8080-exec-5] w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: null. A new one will be created.
2018-10-12 16:53:12.124 DEBUG 12480 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy        : /login/oauth2/code/xyz?code=czYYjf&state=0wPXmCCLltlGK4WjPf_LaDJXOqe5Ug6h4df-FYWlxYI%3D at position 3 of 17 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2018-10-12 16:53:12.124 DEBUG 12480 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy        : /login/oauth2/code/xyz?code=czYYjf&state=0wPXmCCLltlGK4WjPf_LaDJXOqe5Ug6h4df-FYWlxYI%3D at position 4 of 17 in additional filter chain; firing Filter: 'CsrfFilter'
2018-10-12 16:53:12.124 DEBUG 12480 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy        : /login/oauth2/code/xyz?code=czYYjf&state=0wPXmCCLltlGK4WjPf_LaDJXOqe5Ug6h4df-FYWlxYI%3D at position 5 of 17 in additional filter chain; firing Filter: 'LogoutFilter'
2018-10-12 16:53:12.124 DEBUG 12480 --- [nio-8080-exec-5] o.s.s.w.u.matcher.AntPathRequestMatcher  : Request 'GET /login/oauth2/code/xyz' doesn't match 'POST /logout'
2018-10-12 16:53:12.124 DEBUG 12480 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy        : /login/oauth2/code/xyz?code=czYYjf&state=0wPXmCCLltlGK4WjPf_LaDJXOqe5Ug6h4df-FYWlxYI%3D at position 6 of 17 in additional filter chain; firing Filter: 'OAuth2AuthorizationRequestRedirectFilter'
2018-10-12 16:53:12.124 DEBUG 12480 --- [nio-8080-exec-5] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/login/oauth2/code/xyz'; against '/oauth2/authorization/{registrationId}'
2018-10-12 16:53:12.124 DEBUG 12480 --- [nio-8080-exec-5] org.apache.tomcat.util.http.Parameters   : Set encoding to UTF-8
2018-10-12 16:53:12.124 DEBUG 12480 --- [nio-8080-exec-5] org.apache.tomcat.util.http.Parameters   : Decoding query null UTF-8
2018-10-12 16:53:12.124 DEBUG 12480 --- [nio-8080-exec-5] org.apache.tomcat.util.http.Parameters   : Start processing with input [code=czYYjf&state=0wPXmCCLltlGK4WjPf_LaDJXOqe5Ug6h4df-FYWlxYI%3D]
2018-10-12 16:53:12.124 DEBUG 12480 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy        : /login/oauth2/code/xyz?code=czYYjf&state=0wPXmCCLltlGK4WjPf_LaDJXOqe5Ug6h4df-FYWlxYI%3D at position 7 of 17 in additional filter chain; firing Filter: 'OAuth2AuthorizationRequestRedirectFilter'
2018-10-12 16:53:12.124 DEBUG 12480 --- [nio-8080-exec-5] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/login/oauth2/code/xyz'; against '/oauth2/authorization/{registrationId}'
2018-10-12 16:53:12.124 DEBUG 12480 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy        : /login/oauth2/code/xyz?code=czYYjf&state=0wPXmCCLltlGK4WjPf_LaDJXOqe5Ug6h4df-FYWlxYI%3D at position 8 of 17 in additional filter chain; firing Filter: 'OAuth2LoginAuthenticationFilter'
2018-10-12 16:53:12.124 DEBUG 12480 --- [nio-8080-exec-5] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/login/oauth2/code/xyz'; against '/login/oauth2/code/*'
2018-10-12 16:53:12.124 DEBUG 12480 --- [nio-8080-exec-5] .s.o.c.w.OAuth2LoginAuthenticationFilter : Request is to process authentication
2018-10-12 16:53:12.127 DEBUG 12480 --- [nio-8080-exec-5] .s.o.c.w.OAuth2LoginAuthenticationFilter : Authentication request failed: org.springframework.security.oauth2.core.OAuth2AuthenticationException: [authorization_request_not_found] 

org.springframework.security.oauth2.core.OAuth2AuthenticationException: [authorization_request_not_found] 
	at org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter.attemptAuthentication(OAuth2LoginAuthenticationFilter.java:165)
	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter.doFilterInternal(OAuth2AuthorizationRequestRedirectFilter.java:160)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter.doFilterInternal(OAuth2AuthorizationRequestRedirectFilter.java:160)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:100)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357)
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:92)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.filterAndRecordMetrics(WebMvcMetricsFilter.java:155)
	at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.filterAndRecordMetrics(WebMvcMetricsFilter.java:123)
	at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:108)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:770)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1415)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:748)

2018-10-12 16:53:12.128 DEBUG 12480 --- [nio-8080-exec-5] .s.o.c.w.OAuth2LoginAuthenticationFilter : Updated SecurityContextHolder to contain null Authentication
2018-10-12 16:53:12.128 DEBUG 12480 --- [nio-8080-exec-5] .s.o.c.w.OAuth2LoginAuthenticationFilter : Delegating to authentication failure handler org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler@46a86dc8
2018-10-12 16:53:12.128 DEBUG 12480 --- [nio-8080-exec-5] .a.SimpleUrlAuthenticationFailureHandler : Redirecting to /login?error
2018-10-12 16:53:12.128 DEBUG 12480 --- [nio-8080-exec-5] o.s.s.web.DefaultRedirectStrategy        : Redirecting to '/login?error'

Issue Analytics

  • State: closed
  • Created 5 years ago
  • Comments: 8 (3 by maintainers)

Top GitHub Comments

16 reactions
jgrandja commented, Oct 12, 2018

@alexcibotari The reason you’re getting the [authorization_request_not_found] error is because the Session Cookie is being overwritten. Since you’re running the Authorization Server on http://localhost:9090 and the Client App on http://localhost:8080, the host names are the same so the Cookie from http://localhost:8080 is being overwritten with the Cookie assigned from http://localhost:9090. NOTE: Ports are not accounted for in Cookies.

You need to assign a Host name for either the Authorization Server or Client App (or both) if running on localhost. Try that and let me know how it goes.
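The cookie collision described in the comment above can be reproduced with a small model. This is an added example, not part of the original issue or of Spring Security: `CookieJar`, `ClientApp`, `runFlow` and the host name `auth-server` are hypothetical, and the session ids are constructed sample values.

```javascript
// Simplified browser cookie store: cookies are keyed by host, path and name.
// The port is not part of the key, which is the behaviour the comment points out.
class CookieJar {
  constructor() { this.store = new Map(); }
  key(url, name, path) { return `${new URL(url).hostname}|${path}|${name}`; }
  set(url, name, value, path = "/") { this.store.set(this.key(url, name, path), value); }
  get(url, name, path = "/") { return this.store.get(this.key(url, name, path)); }
}

// Simplified client app: the pending authorization request (its state value)
// lives in the HTTP session, which is looked up through the JSESSIONID cookie.
class ClientApp {
  constructor(baseUrl) {
    this.baseUrl = baseUrl;
    this.sessions = new Map();
    this.counter = 0;
  }
  // Step 1: a protected URL is requested, the app saves the authorization
  // request in a new session and redirects the browser to the auth server.
  startLogin(jar) {
    const sessionId = `client-session-${++this.counter}`; // constructed value
    const state = `state-${this.counter}`;                // constructed value
    this.sessions.set(sessionId, { state });
    jar.set(this.baseUrl, "JSESSIONID", sessionId);
    return state;
  }
  // Step 4: the browser comes back with code and state; the app needs the
  // session that holds the saved authorization request.
  handleCallback(jar, state) {
    const session = this.sessions.get(jar.get(this.baseUrl, "JSESSIONID"));
    if (!session || session.state !== state) return "authorization_request_not_found";
    return "authenticated";
  }
}

function runFlow(clientUrl, authServerUrl) {
  const jar = new CookieJar();
  const client = new ClientApp(clientUrl);
  const state = client.startLogin(jar);
  // Steps 2-3: the auth server's login page issues its own JSESSIONID.
  jar.set(authServerUrl, "JSESSIONID", "authserver-session-1"); // constructed value
  return client.handleCallback(jar, state);
}

// Same host, different ports: the auth server's cookie replaces the client's.
console.log(runFlow("http://localhost:8080", "http://localhost:9090"));
// Distinct host name for the auth server: the client's cookie survives.
console.log(runFlow("http://localhost:8080", "http://auth-server:9090"));
```

In the first run the client receives a session id it never issued, which matches the "No HttpSession currently exists" line in the log above even though a JSESSIONID cookie was sent.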

0 reactions
ankitacroit09 commented, Feb 7, 2022

Hi, I am also facing the same issue. But in my case it passes when I am running the UI on https://localhost:3000 and the server on https://localhost:443.

But while running the UI on the same https://localhost:3000 but the server on a dev URL like https://dev_url/, I am facing the OAuth 2 [authorization_request_not_found] error.
