redirect_uri using http instead of https

生来不讨喜 2020-12-16 04:44

I'm using spring stack (Spring Boot 2.0.1.RELEASE) for creating a site that delegates user authentication/registration to Facebook via OAuth2. When I click the "login with

4 answers
  • 2020-12-16 05:30

    We faced the same issue while running in OpenShift and authenticating against Microsoft Azure. Filtering seemed like hacking, the *.redirect-uri-template properties are now deprecated, and after returning from Azure the outgoing and incoming redirect URIs did not match.

    After much searching, this simple entry in application.properties solved the issue:

    server.forward-headers-strategy=framework
    
  • 2020-12-16 05:34

    I faced exactly the same problem, but with Google.

    Having the following architecture of microservices

    Google Auth Server
    
    
      Zuul Gateway (:8080)
         /   \
        /     \
       /       \
    Other      OAuth2Client (:5000)
    

    While running on my local machine everything works fine, but in AWS Elastic Beanstalk I get the very same exception.

    After debugging, I found out that in my case, when OAuth2Client is behind the Zuul proxy (they are implemented as separate microservices), I really do get different redirect_uri values in the check inside OAuth2LoginAuthenticationProvider:

    if (!authorizationResponse.getRedirectUri().equals(authorizationRequest.getRedirectUri())) {
        OAuth2Error oauth2Error = new OAuth2Error(INVALID_REDIRECT_URI_PARAMETER_ERROR_CODE);
        throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
    }
    

    So in my case in AWS I have following values:

    authorizationResponse.getRedirectUri()
    http://[INNER_AWS_ESB_IP]:5000/auth/login/oauth2/code/google
    
    authorizationRequest.getRedirectUri()
    https://[MY_PROJECT_DOMAIN_NAME]/auth/login/oauth2/code/google
    

    where [INNER_AWS_ESB_IP] is an IP address of the inner network in AWS Elastic Beanstalk and [MY_PROJECT_DOMAIN_NAME] is the domain name of my project, which is hardcoded in application.yml as the redirect-uri-template parameter.

    I have the following config in application.yml of my OAuth2Client microservice

    server:
      port: 5000
      servlet:
         contextPath: /auth
      use-forward-headers: true
    
    spring:
      security:
        oauth2:
          resource:
            filter-order: 3
          client:
            registration:
              google:
                client-id:  [REMOVED]
                client-secret: [REMOVED]
                redirect-uri-template: ${MY_PROJECT_DOMAIN_NAME:http://localhost:8080}/auth/login/oauth2/code/google
                scope: profile,email
    

    Loreno, what kind of architecture do you have? Can you share your config?

    UPDATE

    It seems that the problem is connected directly with the implementation of Spring Security OAuth2 Client since version 5.0.

    The problem can be reproduced if you launch the Zuul Gateway microservice on a separate virtual machine while the other microservices are launched on the local machine ☝️ So Google should be called from the browser on the VM.

    The solution which helps me to avoid this problem is to add a custom Filter with a custom HttpServletRequestWrapper which can override the method and return the "right" URL to satisfy the check in OAuth2LoginAuthenticationProvider.java:115

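An added example (not from any of the answers, and not Spring Security's own code) modelling the mismatch described in the answer above: the callback URI is rebuilt from what the servlet sees on the internal hop unless the proxy's X-Forwarded-* headers are honoured. All hosts and addresses are constructed, and the `TRUSTED_PROXIES` check is this example's assumption about the deployment (only the gateway may supply those headers), not something the answers configure.

```java
import java.util.Map;
import java.util.Set;

// Added illustration: class, method and sample values are constructed for this page.
public class RedirectUriBehindProxy {

    // Assumption: the only peer allowed to set X-Forwarded-* is the gateway at this address.
    static final Set<String> TRUSTED_PROXIES = Set.of("10.0.0.5");

    /** Rebuilds the callback URI from the request as the application sees it. */
    static String callbackUri(String scheme, String host, int port, String remoteAddr,
                              Map<String, String> headers, boolean useForwardHeaders) {
        if (useForwardHeaders && TRUSTED_PROXIES.contains(remoteAddr)) {
            String proto = headers.get("X-Forwarded-Proto");
            String fwdHost = headers.get("X-Forwarded-Host");
            String fwdPort = headers.get("X-Forwarded-Port");
            if (proto != null) { scheme = proto; port = "https".equals(proto) ? 443 : 80; }
            if (fwdHost != null) { host = fwdHost; }
            if (fwdPort != null) { port = Integer.parseInt(fwdPort); }
        }
        boolean defaultPort = ("https".equals(scheme) && port == 443)
                || ("http".equals(scheme) && port == 80);
        return scheme + "://" + host + (defaultPort ? "" : ":" + port)
                + "/auth/login/oauth2/code/google";
    }

    public static void main(String[] args) {
        // The URI that was sent to the provider in the authorization request (constructed).
        String registered = "https://app.example.com/auth/login/oauth2/code/google";
        Map<String, String> fromProxy =
                Map.of("X-Forwarded-Proto", "https", "X-Forwarded-Host", "app.example.com");

        // 1. Forwarded headers ignored: the internal scheme, address and port end up in the URI.
        String ignored = callbackUri("http", "10.0.0.7", 5000, "10.0.0.5", fromProxy, false);
        // 2. Headers honoured from the trusted gateway: the external URI is rebuilt.
        String honoured = callbackUri("http", "10.0.0.7", 5000, "10.0.0.5", fromProxy, true);
        // 3. The same kind of headers from any other peer are ignored, so a caller that
        //    bypasses the gateway cannot choose the scheme or host the application believes.
        String direct = callbackUri("http", "10.0.0.7", 5000, "203.0.113.9",
                Map.of("X-Forwarded-Proto", "https", "X-Forwarded-Host", "other.example.net"), true);

        for (String uri : new String[] {ignored, honoured, direct}) {
            System.out.println(uri + " -> equals(registered) = " + uri.equals(registered));
        }
    }
}
```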
  • 2020-12-16 05:38

    This works for me. I have set

    redirect-uri-template: "{baseUrl}/login/oauth2/code/{registrationId}"
    

    and wrote a custom filter which changes http to https

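    import java.io.IOException;

    import javax.servlet.FilterChain;
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletRequestWrapper;
    import javax.servlet.http.HttpServletResponse;

    import lombok.extern.slf4j.Slf4j;
    // Assumed to be Apache Commons Lang 3; the original post does not show its imports.
    import org.apache.commons.lang3.StringUtils;
    import org.springframework.beans.factory.annotation.Value;
    import org.springframework.web.filter.OncePerRequestFilter;

    // Overrides the scheme and port the application sees for LinkedIn login requests,
    // so that {baseUrl} in redirect-uri-template expands to the external URL.
    // The @Value fields are injected only when the filter is a Spring-managed bean.
    @Slf4j
    public class LinkedInRewriteFilter extends OncePerRequestFilter {

        // Matches "://" and everything after it, leaving only the scheme of base-url.
        private static final String GET_PROTOCOL = "://.*";
        private static final String LINKED_IN = "linkedin";
        private static final String HTTPS = "https";

        @Value("${base-url}")
        private String baseUrl;

        @Value("${server.port}")
        private int serverPort;

        @Override
        protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
            // Wrap only requests whose URL mentions the LinkedIn registration.
            if (request.getRequestURL().toString().contains(LINKED_IN)) {
                request = new LinkedInHttpServletRequestWrapper(request);
            }
            filterChain.doFilter(request, response);
        }

        public class LinkedInHttpServletRequestWrapper extends HttpServletRequestWrapper {

            public LinkedInHttpServletRequestWrapper(HttpServletRequest request) {
                super(request);
            }

            // Report the scheme configured in base-url instead of the one on the internal hop.
            @Override
            public String getScheme() {
                return baseUrl.replaceFirst(GET_PROTOCOL, StringUtils.EMPTY);
            }

            // Report 443 when the external scheme is https, otherwise the local server port.
            @Override
            public int getServerPort() {
                return HTTPS.equals(getScheme()) ? 443 : serverPort;
            }
        }
    }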

  • 2020-12-16 05:44

    I encountered the same error when I'm setting up a Spring Boot application to authenticate users using Facebook OAuth2 implementation. Nginx (functions as reverse proxy) is configured to front the web app and also to offload the SSL cert.

    Initially, I tried to customize the property: redirect-uri-template so that the redirect uri can be hard-coded with https://{domain}/login/oauth2/code/facebook (this is because Facebook only accepts HTTPS protocol for valid OAuth Redirect URI). It didn't work as I encountered the same error: OAuth2AuthenticationException: [invalid_redirect_uri_parameter]

    Then, I found the proposed solution in link, which works for me. So, it is basically to set the OAuth2 Login Application with server.use-forward-headers=true and remove the customized property: redirect-uri-template.

    Hope it helps :)
