Spring Boot OAuth2 Twitch Authentication Issue: Successfully Authorized, But Unable to Access Protected Endpoints

Question

I am using Spring Boot for OAuth2 authentication with Twitch, and I can successfully authorize my application. However, I am facing an issue where, even after successful authorization, I am unable to access protected endpoints. The authorization process seems to work correctly, but when trying to reach secured endpoints, I encounter access issues. Seeking help to troubleshoot and resolve this OAuth2 authentication problem in Spring Boot with Twitch integration.

application.properties:

spring.security.oauth2.client.registration.twitch.client-id=client_id
spring.security.oauth2.client.registration.twitch.client-secret=client_secret
spring.security.oauth2.client.registration.twitch.client-authentication-method=post
spring.security.oauth2.client.registration.twitch.redirect-uri=http://localhost:8080/secure
spring.security.oauth2.client.registration.twitch.provider=twitch
spring.security.oauth2.client.registration.twitch.scope=user:read:email
spring.security.oauth2.client.registration.twitch.authorization-grant-type=authorization_code
spring.security.oauth2.client.provider.twitch.authorization-uri=https://id.twitch.tv/oauth2/authorize
spring.security.oauth2.client.provider.twitch.token-uri=https://id.twitch.tv/oauth2/token
spring.security.oauth2.client.provider.twitch.user-info-uri=https://id.twitch.tv/oauth2/userinfo
spring.security.oauth2.client.provider.twitch.user-name-attribute=preferred_username

my controller:

@RestController
@RequestMapping(“/”)
public class DemoController {
@GetMapping
public String getPublic(){
return “Hello from public”;
}
@GetMapping(“secure”)
public String getSecure(){
return “Hello from secure”;
}
}

my configuration:

@Configuration
@EnableWebSecurity
public class SecurityConfig {
@Bean
SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
return http
.authorizeHttpRequests(auth → {
auth.requestMatchers(“/”).permitAll();
auth.anyRequest().authenticated();
})
.oauth2Login(Customizer.withDefaults())
.formLogin(Customizer.withDefaults())
.build();
}
}

my dependencies:

<dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-oauth2-client</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
        <scope>test</scope>
    </dependency>
</dependencies>

I have implemented Spring Boot OAuth2 authentication with Twitch for my application. After completing the authorization process, I expected to be able to access protected endpoints seamlessly. However, despite successful authorization, I am facing issues accessing secured endpoints. I have reviewed my implementation but haven't identified the root cause. Any guidance or suggestions on troubleshooting and resolving this issue would be greatly appreciated. Thank you