I'm using the Spring Boot tutorial as a base (https://spring.io/guides/tutorials/spring-boot-oauth2/) to test OAuth2.
However, my auth server isn't Facebook, it's NetIQ Access Manager (NAM). I managed to be redirected to the NAM login page, but after logging in, I get the following error:
The log shows:

    o.s.b.a.s.o.r.UserInfoTokenServices : Could not fetch user details: class org.springframework.web.client.HttpClientErrorException, 401 Unauthorized

This is the project:
The app code:

    package com.example.springoauthdemo;

    import org.springframework.boot.SpringApplication;
    import org.springframework.boot.autoconfigure.SpringBootApplication;
    import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;

    @SpringBootApplication
    @EnableOAuth2Sso
    public class SocialApplication {

        public static void main(String[] args) {
            SpringApplication.run(SocialApplication.class, args);
        }
    }

The application.yml:

    security:
      oauth2:
        client:
          clientId: 55bb61f1-4384-4939-9cd0-fa7d76af9a0c
          clientSecret: fdUjegFlCJjnD778RUSuS4SqMRey4IKVDOkadi4hjN6YbhC1xCInxoxobf-a-p-po8rt1wfZM2BPqJHpcZ-FGs
          accessTokenUri: https://nam.example.com/nidp/oauth/nam/token
          userAuthorizationUri: https://nam.example.com/nidp/oauth/nam/authz
          tokenName: oauth_token
          authenticationScheme: query
          clientAuthenticationScheme: form
        resource:
          userInfoUri: https://localhost:8443/index.html
          #userInfoUri: https://nam.example.com/nidp/oauth/nam/userinfo
    server:
      port: 8443
      ssl:
        enabled: true
        key-alias: tomcat-localhost
        key-password: changeit
        key-store: classpath:keystore.jks
        key-store-provider: SUN
        key-store-type: JKS
        key-store-password: changeit

As far as I know, using this OAuth2 flow as an example, steps 1, 2 and 3 seem to be OK, so the problem is trying to get the access token?
Any ideas?
Thanks in advance!
When you are authenticated and you have a user, you can validate it against the userInfoUri, which returns a Principal object of the oauth.
You are setting this value against an HTML page:
It should be something like:
And that service response would have to return something like:
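
Added example, not code from the question, the answer or the Spring tutorial: a self-contained Java 11+ program with a constructed local stub user-info endpoint, showing the kind of JSON a userInfoUri returns and how a 401 arises when the access token is not presented the way the endpoint expects. It also contrasts the two ways the client can send the token: as a query parameter (what `tokenName: oauth_token` with `authenticationScheme: query` configures) and in the Authorization header. The stub, its `/userinfo` path, the sample token, the JSON fields and the assumption that the endpoint accepts the token only in the header are illustrative; the page does not say how NAM expects it.

```java
import com.sun.net.httpserver.HttpServer;
import java.net.InetSocketAddress;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;

public class UserInfoEndpointDemo {
    // Constructed sample token; a real one comes from the exchange at accessTokenUri.
    static final String TOKEN = "sample-access-token";

    public static void main(String[] args) throws Exception {
        // Hypothetical stub user-info endpoint, local only:
        // JSON describing the user for a valid bearer token, 401 otherwise.
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        server.createContext("/userinfo", exchange -> {
            String auth = exchange.getRequestHeaders().getFirst("Authorization");
            boolean ok = ("Bearer " + TOKEN).equals(auth);
            byte[] body = (ok ? "{\"name\":\"jdoe\",\"email\":\"jdoe@example.com\"}"
                              : "{\"error\":\"invalid_token\"}").getBytes(StandardCharsets.UTF_8);
            exchange.getResponseHeaders().set("Content-Type", "application/json");
            exchange.sendResponseHeaders(ok ? 200 : 401, body.length);
            exchange.getResponseBody().write(body);
            exchange.close();
        });
        server.start();
        String base = "http://127.0.0.1:" + server.getAddress().getPort() + "/userinfo";
        HttpClient client = HttpClient.newHttpClient();

        // Token as a query parameter, as tokenName: oauth_token + authenticationScheme: query sends it.
        HttpRequest inQuery = HttpRequest.newBuilder(URI.create(base + "?oauth_token=" + TOKEN)).build();
        // Token in the Authorization header, the only form this stub accepts (assumption).
        HttpRequest inHeader = HttpRequest.newBuilder(URI.create(base))
                .header("Authorization", "Bearer " + TOKEN).build();

        for (HttpRequest request : new HttpRequest[] {inQuery, inHeader}) {
            HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
            System.out.println(request.uri() + " -> " + response.statusCode() + " " + response.body());
        }
        server.stop(0);
    }
}
```

Pointing the same two requests at the real user-info URI with a freshly issued token shows which form the server accepts and whether the response is JSON rather than an HTML page.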