Spring boot + oauth2 + HttpClientErrorException 401 Unauthorized

2.2k views Asked by At

I'm using the spring boot tutorial as a base (https://spring.io/guides/tutorials/spring-boot-oauth2/) to test Oauth2.

However, my auth server isn't facebook, it's Netiq Access Manager (NAM). I managed to be redirected to NAM login page, but after logging in, i get the following error:

Whitelabel Error

The log shows:

o.s.b.a.s.o.r.UserInfoTokenServices      : Could not fetch user details: class org.springframework.web.client.HttpClientErrorException, 401 Unauthorized

This is the project:

Project structure

The app code:

package com.example.springoauthdemo;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;

@SpringBootApplication
@EnableOAuth2Sso
public class SocialApplication {

    public static void main(String[] args) {
        SpringApplication.run(SocialApplication.class, args);
    }
}

The application.yml

security:
  oauth2:
    client:
      clientId: 55bb61f1-4384-4939-9cd0-fa7d76af9a0c
      clientSecret: fdUjegFlCJjnD778RUSuS4SqMRey4IKVDOkadi4hjN6YbhC1xCInxoxobf-a-p-po8rt1wfZM2BPqJHpcZ-FGs
      accessTokenUri: https://nam.example.com/nidp/oauth/nam/token
      userAuthorizationUri: https://nam.example.com/nidp/oauth/nam/authz
      tokenName: oauth_token
      authenticationScheme: query
      clientAuthenticationScheme: form
    resource:
      userInfoUri: https://localhost:8443/index.html
      #userInfoUri: https://nam.example.com/nidp/oauth/nam/userinfo

server:
  port: 8443
  ssl:
    enabled: true
    key-alias: tomcat-localhost
    key-password: changeit
    key-store: classpath:keystore.jks
    key-store-provider: SUN
    key-store-type: JKS
    key-store-password: changeit

As far i know, using this Oauth2 flow as example, step 1, 2 and 3 seems to be ok, so the problem is trying to get the access token?

Any ideas?

Thanks in advance!

1

There are 1 answers

0
Francesc Recio On

When you are authenticated and you have a user, you can validate it against the userInfoUri, which returns a Principal object of the oauth.

You are setting this value against an html:

resource:
      userInfoUri: https://localhost:8443/index.html

It should be something like:

resource:
      userInfoUri: https://localhost:8443/userinfo

And that service response would have to return something like:

@RequestMapping("/userinfo")
    Principal getUser(Principal user) {
        return user;
    }