The spring-authorization-server samples cause incorrect redirects #1920

Open
marcgemis opened this issue Feb 24, 2025 · 0 comments
Labels
type: bug A general bug


Describe the bug
I have tried both samples with 3 different browsers (Chrome, Safari, Firefox) on Mac OS 15.3.1. In all cases, as soon as I submit the consent, the browsers complain about incorrect redirects.

To Reproduce

  • Start the samples as described on GitHub
  • Browse to http://localhost:8080 (or 4200 for the Angular example)
  • Log in with user1 \ password
  • Give consent (this step is not even possible in Chrome: no mouse or keyboard interaction is possible)
  • Press submit
  • The browsers complain about incorrect redirects

In the logs I see
```text
> Task :samples-demo-authorizationserver:bootRun

[Spring Boot ASCII banner]
:: Spring Boot :: (v3.2.2)

2025-02-24T07:59:34.868+01:00 INFO 21542 --- [ main] s.DemoAuthorizationServerApplication : Starting DemoAuthorizationServerApplication using Java 17.0.10 with PID 21542 (/Users/mgemis/Projects/p4/awp/prepress/archive/experiments/spring-authorization-server-main/samples/demo-authorizationserver/build/classes/java/main started by mgemis in /Users/mgemis/Projects/p4/awp/prepress/archive/experiments/spring-authorization-server-main/samples/demo-authorizationserver)
2025-02-24T07:59:34.870+01:00 INFO 21542 --- [ main] s.DemoAuthorizationServerApplication : No active profile set, falling back to 1 default profile: "default"
2025-02-24T07:59:35.495+01:00 INFO 21542 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat initialized with ports 9443 (https), 9000 (http)
2025-02-24T07:59:35.502+01:00 INFO 21542 --- [ main] o.apache.catalina.core.StandardService : Starting service [Tomcat]
2025-02-24T07:59:35.502+01:00 INFO 21542 --- [ main] o.apache.catalina.core.StandardEngine : Starting Servlet engine: [Apache Tomcat/10.1.18]
2025-02-24T07:59:35.526+01:00 INFO 21542 --- [ main] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring embedded WebApplicationContext
2025-02-24T07:59:35.527+01:00 INFO 21542 --- [ main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 638 ms
2025-02-24T07:59:35.555+01:00 INFO 21542 --- [ main] o.s.j.d.e.EmbeddedDatabaseFactory : Starting embedded database: url='jdbc:h2:mem:029a7b9a-f93e-440f-9c49-0037b56005aa;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=false', username='sa'
2025-02-24T07:59:35.730+01:00 WARN 21542 --- [ main] o.s.security.core.userdetails.User : User.withDefaultPasswordEncoder() is considered unsafe for production and is only intended for sample applications.
2025-02-24T07:59:35.822+01:00 INFO 21542 --- [ main] r$InitializeUserDetailsManagerConfigurer : Global AuthenticationManager configured with UserDetailsService bean with name users
2025-02-24T07:59:36.478+01:00 WARN 21542 --- [ main] org.apache.tomcat.util.net.SSLUtilBase : The JSSE TLS 1.3 implementation does not support post handshake authentication (PHA) and is therefore incompatible with optional certificate authentication
2025-02-24T07:59:36.588+01:00 INFO 21542 --- [ main] o.a.t.util.net.NioEndpoint.certificate : Connector [https-jsse-nio-9443], TLS virtual host [default], certificate type [UNDEFINED] configured from keystore [/Users/mgemis/.keystore] using alias [demo-authorizationserver-sample] with trust store [null]
2025-02-24T07:59:36.595+01:00 INFO 21542 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on ports 9443 (https), 9000 (http) with context path ''
2025-02-24T07:59:36.601+01:00 INFO 21542 --- [ main] s.DemoAuthorizationServerApplication : Started DemoAuthorizationServerApplication in 1.897 seconds (process running for 2.058)
2025-02-24T07:59:57.974+01:00 INFO 21542 --- [nio-9000-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring DispatcherServlet 'dispatcherServlet'
2025-02-24T07:59:57.974+01:00 INFO 21542 --- [nio-9000-exec-1] o.s.web.servlet.DispatcherServlet : Initializing Servlet 'dispatcherServlet'
2025-02-24T07:59:57.975+01:00 INFO 21542 --- [nio-9000-exec-1] o.s.web.servlet.DispatcherServlet : Completed initialization in 1 ms
2025-02-24T08:06:37.194+01:00 ERROR 21542 --- [nio-9000-exec-2] o.a.c.c.C.[.[.[/].[dispatcherServlet] : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Filter execution threw an exception] with root cause

java.lang.NoSuchFieldError: DPOP
at org.springframework.security.oauth2.server.authorization.web.authentication.OAuth2EndpointUtils.validateAndAddDPoPParametersIfAvailable(OAuth2EndpointUtils.java:111) ~[spring-security-oauth2-authorization-server-1.5.0-SNAPSHOT.jar:1.5.0-SNAPSHOT]
at org.springframework.security.oauth2.server.authorization.web.authentication.OAuth2AuthorizationCodeAuthenticationConverter.convert(OAuth2AuthorizationCodeAuthenticationConverter.java:87) ~[spring-security-oauth2-authorization-server-1.5.0-SNAPSHOT.jar:1.5.0-SNAPSHOT]
at org.springframework.security.web.authentication.DelegatingAuthenticationConverter.convert(DelegatingAuthenticationConverter.java:51) ~[spring-security-web-6.3.7.jar:6.3.7]
```

and

```text
> Task :samples-demo-client:bootRun

[Spring Boot ASCII banner]
:: Spring Boot :: (v3.2.2)

2025-02-24T07:59:57.100+01:00 INFO 21604 --- [ main] sample.DemoClientApplication : Starting DemoClientApplication using Java 17.0.10 with PID 21604 (/Users/mgemis/Projects/p4/awp/prepress/archive/experiments/spring-authorization-server-main/samples/demo-client/build/classes/java/main started by mgemis in /Users/mgemis/Projects/p4/awp/prepress/archive/experiments/spring-authorization-server-main/samples/demo-client)
2025-02-24T07:59:57.102+01:00 INFO 21604 --- [ main] sample.DemoClientApplication : No active profile set, falling back to 1 default profile: "default"
2025-02-24T07:59:57.843+01:00 INFO 21604 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat initialized with port 8080 (http)
2025-02-24T07:59:57.848+01:00 INFO 21604 --- [ main] o.apache.catalina.core.StandardService : Starting service [Tomcat]
2025-02-24T07:59:57.848+01:00 INFO 21604 --- [ main] o.apache.catalina.core.StandardEngine : Starting Servlet engine: [Apache Tomcat/10.1.18]
2025-02-24T07:59:57.875+01:00 INFO 21604 --- [ main] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring embedded WebApplicationContext
2025-02-24T07:59:57.875+01:00 INFO 21604 --- [ main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 756 ms
2025-02-24T07:59:58.480+01:00 INFO 21604 --- [ main] o.s.b.a.w.s.WelcomePageHandlerMapping : Adding welcome page template: index
2025-02-24T07:59:58.615+01:00 WARN 21604 --- [ main] o.s.s.c.a.web.builders.WebSecurity : You are asking Spring Security to ignore Deferred [Mvc [pattern='/webjars/'], Ant [pattern='/webjars/']]. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.
2025-02-24T07:59:58.615+01:00 WARN 21604 --- [ main] o.s.s.c.a.web.builders.WebSecurity : You are asking Spring Security to ignore Deferred [Mvc [pattern='/assets/'], Ant [pattern='/assets/']]. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.
2025-02-24T07:59:58.707+01:00 INFO 21604 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port 8080 (http) with context path ''
2025-02-24T07:59:58.712+01:00 INFO 21604 --- [ main] sample.DemoClientApplication : Started DemoClientApplication in 1.787 seconds (process running for 1.948)
2025-02-24T08:00:26.906+01:00 INFO 21604 --- [nio-8080-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring DispatcherServlet 'dispatcherServlet'
2025-02-24T08:00:26.906+01:00 INFO 21604 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Initializing Servlet 'dispatcherServlet'
2025-02-24T08:00:26.907+01:00 INFO 21604 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Completed initialization in 1 ms
2025-02-24T08:06:37.199+01:00 ERROR 21604 --- [nio-8080-exec-8] o.a.c.c.C.[.[.[/].[dispatcherServlet] : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception

java.lang.IllegalArgumentException: The authorization server responded to this Authorization Code grant request with an empty body; as such, it cannot be materialized into an OAuth2AccessTokenResponse instance. Please check the HTTP response code in your server logs for more details.
at org.springframework.util.Assert.notNull(Assert.java:172) ~[spring-core-6.1.3.jar:6.1.3]
at org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient.getTokenResponse(DefaultAuthorizationCodeTokenResponseClient.java:85) ~[spring-security-oauth2-client-6.3.7.jar:6.3.7]
at org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient.getTokenResponse(DefaultAuthorizationCodeTokenResponseClient.java:56) ~[spring-security-oauth2-client-6.3.7.jar:6.3.7]
```

Expected behavior
The examples should work as advertised.

@marcgemis marcgemis added the type: bug A general bug label Feb 24, 2025
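The following is an added triage helper, not code from the issue or from Spring Authorization Server. The two traces quoted in the report are embedded as constructed samples, trimmed to the frames shown. It parses the `~[artifact-version.jar:version]` suffix that Spring Boot's default logging attaches to each stack frame and reports which artifact, at which version, raised the exception, every artifact version seen in the trace, and whether the exception is a `LinkageError` such as `NoSuchFieldError`. A `NoSuchFieldError` at runtime means a class was compiled against a version of a dependency that has the field while the version on the classpath does not, so the first thing to check is whether the jars listed come from one mutually compatible set of releases. The helper deliberately does not guess which versions belong together; it only surfaces the facts needed to make that check.

```python
"""Triage Java stack traces from Spring Boot logs (added example, not project code)."""
import re

# LinkageError subclasses: the class that raised the error was compiled against a
# different version of some dependency than the one present at runtime.
LINKAGE_ERRORS = {
    "java.lang.NoSuchFieldError",
    "java.lang.NoSuchMethodError",
    "java.lang.NoClassDefFoundError",
    "java.lang.AbstractMethodError",
    "java.lang.IncompatibleClassChangeError",
}

# First line of a trace: fully qualified exception class, optional ": message".
EXC_RE = re.compile(r"^(?P<exc>[\w.$]+(?:Exception|Error))(?::\s*(?P<detail>.*))?$", re.M)
# One frame with Logback's extended suffix "~[<artifact>-<version>.jar:<version>]".
# The artifact name ends at the first "-<digit>"; the version runs up to ".jar:".
FRAME_RE = re.compile(
    r"^\s*at\s+(?P<site>[^\s(]+)\((?P<loc>[^)]*)\)\s*"
    r"~\[(?P<artifact>.+?)-(?P<version>\d[^\]:]*)\.jar:[^\]]*\]",
    re.M,
)

# Constructed samples: the two traces quoted in the issue, frames as shown there.
AUTH_SERVER_TRACE = """java.lang.NoSuchFieldError: DPOP
at org.springframework.security.oauth2.server.authorization.web.authentication.OAuth2EndpointUtils.validateAndAddDPoPParametersIfAvailable(OAuth2EndpointUtils.java:111) ~[spring-security-oauth2-authorization-server-1.5.0-SNAPSHOT.jar:1.5.0-SNAPSHOT]
at org.springframework.security.oauth2.server.authorization.web.authentication.OAuth2AuthorizationCodeAuthenticationConverter.convert(OAuth2AuthorizationCodeAuthenticationConverter.java:87) ~[spring-security-oauth2-authorization-server-1.5.0-SNAPSHOT.jar:1.5.0-SNAPSHOT]
at org.springframework.security.web.authentication.DelegatingAuthenticationConverter.convert(DelegatingAuthenticationConverter.java:51) ~[spring-security-web-6.3.7.jar:6.3.7]
"""

CLIENT_TRACE = """java.lang.IllegalArgumentException: The authorization server responded to this Authorization Code grant request with an empty body; as such, it cannot be materialized into an OAuth2AccessTokenResponse instance. Please check the HTTP response code in your server logs for more details.
at org.springframework.util.Assert.notNull(Assert.java:172) ~[spring-core-6.1.3.jar:6.1.3]
at org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient.getTokenResponse(DefaultAuthorizationCodeTokenResponseClient.java:85) ~[spring-security-oauth2-client-6.3.7.jar:6.3.7]
at org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient.getTokenResponse(DefaultAuthorizationCodeTokenResponseClient.java:56) ~[spring-security-oauth2-client-6.3.7.jar:6.3.7]
"""


def parse_frames(text):
    """Return the frames that carry a jar suffix, in stack order (innermost first)."""
    return [m.groupdict() for m in FRAME_RE.finditer(text)]


def triage(text):
    """Summarise one trace as a dict, or None if no exception line is present."""
    m = EXC_RE.search(text)
    if m is None:
        return None
    frames = parse_frames(text)
    versions = {}
    for f in frames:
        versions.setdefault(f["artifact"], set()).add(f["version"])
    top = frames[0] if frames else None  # innermost frame: where the error surfaced
    return {
        "exception": m.group("exc"),
        "detail": (m.group("detail") or "").strip(),
        "linkage_error": m.group("exc") in LINKAGE_ERRORS,
        "raised_in": top["artifact"] if top else None,
        "raised_in_version": top["version"] if top else None,
        "raising_class": top["site"].rsplit(".", 1)[0] if top else None,
        "artifacts": {a: sorted(v) for a, v in versions.items()},
        "snapshots": sorted(a for a, v in versions.items() if any("SNAPSHOT" in x for x in v)),
    }


def report(text):
    """Human-readable summary of triage(); points at the classpath for LinkageErrors."""
    t = triage(text)
    if t is None:
        return "no exception line found"
    lines = [f"{t['exception']}: {t['detail']}".rstrip(": ")]
    if t["raised_in"]:
        lines.append(f"raised in {t['raising_class']} from {t['raised_in']} {t['raised_in_version']}")
    for artifact, vs in sorted(t["artifacts"].items()):
        lines.append(f"  {artifact}: {', '.join(vs)}")
    if t["linkage_error"]:
        lines.append("LinkageError: a class references a member that the runtime version of another jar "
                     "lacks; verify the jars above come from one compatible release set before debugging logic.")
    if t["snapshots"]:
        lines.append("SNAPSHOT artifacts present: " + ", ".join(t["snapshots"]))
    return "\n".join(lines)


if __name__ == "__main__":
    for trace in (AUTH_SERVER_TRACE, CLIENT_TRACE):
        print(report(trace))
        print()
```

Run against the two samples, the server trace is flagged as a `LinkageError` raised from `spring-security-oauth2-authorization-server 1.5.0-SNAPSHOT` alongside `spring-security-web 6.3.7`, while the client trace is an ordinary `IllegalArgumentException` from `spring-core 6.1.3`: the client failure is the downstream symptom of the token endpoint returning no body, so the server trace is the one to chase.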