```java
// Build an OAuth2 request for the Okta provider
OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId("okta")
    .principal("Demo Service")
    .build();
```

The above line from the blog How to Use Client Credentials Flow with Spring Security | Okta Developer is giving a compilation error. `.principal` needs an Authentication, but the example shows a String.
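An added example, not code from this thread or from the Okta blog post, of obtaining a client-credentials token with the `Authentication` overload of `OAuth2AuthorizeRequest.Builder.principal(...)`. That overload is present on the Spring Security line that Boot 2.2.x pulls in as well as on newer versions; the `String` overload is the one the blog snippet relies on. The registration id `okta`, the bean name and the `ROLE_SERVICE` authority are assumptions for the example.

```java
// Added example (not from the thread or the Okta blog post): client-credentials
// token retrieval using principal(Authentication), which compiles on Spring
// Security versions that lack principal(String). Registration id "okta" and the
// manager bean are assumed to be configured as in the blog post.
import java.util.Collections;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.OAuth2AuthorizeRequest;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.stereotype.Service;

@Service
public class ServiceTokenClient {

    // Client credentials identify the service, not a logged-in user, so a fixed
    // Authentication stands in for the principal. AnonymousAuthenticationToken
    // requires a non-empty authority list; the authority name is arbitrary here.
    private static final Authentication SERVICE_PRINCIPAL = new AnonymousAuthenticationToken(
            "demo-service-key", "Demo Service",
            Collections.singletonList(new SimpleGrantedAuthority("ROLE_SERVICE")));

    private final AuthorizedClientServiceOAuth2AuthorizedClientManager manager;

    public ServiceTokenClient(AuthorizedClientServiceOAuth2AuthorizedClientManager manager) {
        this.manager = manager;
    }

    /**
     * Returns a currently valid access token for the "okta" registration.
     * The manager stores the authorized client in the OAuth2AuthorizedClientService
     * under the principal name ("Demo Service") and only goes back to the token
     * endpoint when the stored token has expired.
     */
    public OAuth2AccessToken accessToken() {
        OAuth2AuthorizeRequest request = OAuth2AuthorizeRequest
                .withClientRegistrationId("okta")
                .principal(SERVICE_PRINCIPAL) // Authentication overload
                .build();

        OAuth2AuthorizedClient client = manager.authorize(request);
        if (client == null) {
            // authorize() returns null when no provider accepts the registration's
            // grant type, e.g. a registration that is not client_credentials
            throw new IllegalStateException("no authorized client for registration 'okta'");
        }
        return client.getAccessToken();
    }
}
```

Callers pass the returned token as a bearer header to the downstream API; the token value itself should not be written to logs.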
mraible
September 17, 2021, 8:27pm
2
Are you using the same version of Spring Boot (v2.4.5) that this blog post is using?
No, I am using:

```xml
<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>2.2.7.RELEASE</version>
</parent>
```
Controller:

```java
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.DependsOn;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.OAuth2AuthorizeRequest;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Objects;

/**
 * Basic Login controller.
 */
@CrossOrigin // Allow the used HttpMethods on the endpoints, from all origins
@RestController
public class LoginController {

    private static final Logger LOG = LoggerFactory.getLogger(LoginController.class);

    private String resourceServerUrl = "http://localhost:11033/";

    @Autowired
    private AuthorizedClientServiceOAuth2AuthorizedClientManager authorizedClientServiceAndManager;

    /**
     * Show me.
     *
     * @param principal the principal
     */
    @GetMapping(value = "/index")
    public void showMe(final Authentication principal) {
        System.out.println(principal.getName());
    }

    /**
     * Redirect to home.
     *
     * @param authentication  the authentication
     * @param servletRequest  the servlet request
     * @param servletResponse the servlet response
     * @return string of page
     * @throws IOException the io exception
     */
    @RequestMapping(value = "/oauth2/callback", method = RequestMethod.GET)
    @DependsOn("authorizedClientServiceAndManager")
    public String authorizeClient(final Authentication authentication,
                                  final HttpServletRequest servletRequest,
                                  final HttpServletResponse servletResponse) throws IOException {
        // principal(String) is the call from the blog post that does not compile on this
        // project's Spring Security version (the subject of the question above)
        final OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest.withClientRegistrationId("DemoApp")
                .principal("Demo Service")
                .attributes(attrs -> {
                    attrs.put(HttpServletRequest.class.getName(), servletRequest);
                    attrs.put(HttpServletResponse.class.getName(), servletResponse);
                })
                .build();
        System.out.println(authorizeRequest.toString());

        final OAuth2AuthorizedClient authorizedClient = authorizedClientServiceAndManager
                .authorize(authorizeRequest);

        // Get the token from the authorized client object
        final OAuth2AccessToken accessToken = Objects.requireNonNull(authorizedClient).getAccessToken();

        // Debug output only: the raw token value is a bearer credential and should not be logged elsewhere
        System.out.println(accessToken.getTokenValue());
        LOG.info("Issued: " + accessToken.getIssuedAt().toString() + ", "
                + "Expires:" + accessToken.getExpiresAt().toString());
        LOG.info("Scopes: " + accessToken.getScopes().toString());
        LOG.info("Token: " + accessToken.getTokenValue());
        return "index";
    }
}
```
OauthClient Config:

```java
package com.veriscape.sso.webapp.config;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;

/**
 * OAuth client configuration.
 */
@Configuration
public class OauthClientConfig {

    /**
     * Builds the client registration from the spring.cloud.sso.* properties.
     *
     * @param issuerUrl              the issuer url
     * @param clientId               the client id
     * @param clientSecret           the client secret
     * @param scope                  the scope
     * @param authorizationGrantType the authorization grant type
     * @param redirectUri            the redirect uri
     * @param tokenUri               the token uri
     * @return the client registration
     */
    @Bean
    ClientRegistration oauthClientRegistration(
            @Value("${spring.cloud.sso.authIssuer}") final String issuerUrl,
            @Value("${spring.cloud.sso.authClientId}") final String clientId,
            @Value("${spring.cloud.sso.authSecret}") final String clientSecret,
            @Value("${spring.cloud.sso.authScope}") final String scope,
            @Value("${spring.cloud.sso.authGranttype}") final String authorizationGrantType,
            @Value("${spring.cloud.sso.authRedirectUri}") final String redirectUri,
            @Value("${spring.cloud.sso.tokenUri}") final String tokenUri) {
        System.out.println(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>" + issuerUrl);
        return ClientRegistration
                .withRegistrationId("DemoApp")
                .clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
                //.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                // spring.cloud.sso.authIssuer holds the /authorize endpoint URL, not the issuer
                .authorizationUri(issuerUrl)
                .clientId(clientId)
                .clientSecret(clientSecret)
                .scope(scope)
                .tokenUri(tokenUri)
                .clientName("DemoApp")
                .redirectUriTemplate(redirectUri)
                // grant type comes from spring.cloud.sso.authGranttype (authorization_code in the yml below)
                .authorizationGrantType(new AuthorizationGrantType(authorizationGrantType))
                .build();
    }

    /**
     * Client registration repository.
     *
     * @param oauthClientRegistration the oauth client registration
     * @return the client registration repository
     */
    @Bean
    public ClientRegistrationRepository clientRegistrationRepository(final ClientRegistration oauthClientRegistration) {
        System.out.println(oauthClientRegistration.getClientId() + "--" + oauthClientRegistration.getClientName());
        return new InMemoryClientRegistrationRepository(oauthClientRegistration);
    }

    /**
     * Authorized client service.
     *
     * @param clientRegistrationRepository the client registration repository
     * @return the OAuth2 authorized client service
     */
    @Bean
    public OAuth2AuthorizedClientService auth2AuthorizedClientService(
            final ClientRegistrationRepository clientRegistrationRepository) {
        return new InMemoryOAuth2AuthorizedClientService(clientRegistrationRepository);
    }

    /**
     * Authorized client manager built from the beans configured above.
     *
     * @param clientRegistrationRepository the client registration repository
     * @param authorizedClientService      the authorized client service
     * @return the authorized client manager
     */
    @Bean
    public AuthorizedClientServiceOAuth2AuthorizedClientManager authorizedClientServiceAndManager(
            final ClientRegistrationRepository clientRegistrationRepository,
            final OAuth2AuthorizedClientService authorizedClientService) {
        // Only a client_credentials provider is registered, so authorize() returns null
        // for a registration whose grant type is anything else
        final OAuth2AuthorizedClientProvider authorizedClientProvider =
                OAuth2AuthorizedClientProviderBuilder.builder()
                        .clientCredentials()
                        .build();
        final AuthorizedClientServiceOAuth2AuthorizedClientManager authorizedClientManager =
                new AuthorizedClientServiceOAuth2AuthorizedClientManager(
                        clientRegistrationRepository, authorizedClientService);
        authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
        return authorizedClientManager;
    }
}
```
application.yml:

```yaml
spring:
  profiles: default
  cloud:
    consul:
      enabled: false
      config:
        enabled: false
      discovery:
        enabled: false
    kubernetes:
      enabled: false
      config:
        enabled: false
      discovery:
        enabled: false
    sso:
      enabled: true
      authIssuer: https://dev-993218.okta.com/oauth2/v1/authorize
      authClientId: xxxxx
      authSecret: xxxxx
      authRedirectUri: http://localhost:11033/oauth2/callback
      authGranttype: authorization_code
      authScope: openid
      tokenUri: https://dev-993218.okta.com/oauth2/v1/token
```
bdemers
September 18, 2021, 2:16am
8
I'm guessing part of the problem is the custom /oauth2/callback route. The OAuth callback is handled by Spring Security, and should NOT be implemented in a custom controller.
Taking a step back, can you tell us a little more about what you are trying to do? Maybe we can point you to an example that better fits your needs.
Hi, thank you very much for your response. All I was trying to do is this: when a user hits an API endpoint on my server, I want to direct him to the auth server, have him log in and come back to me authenticated, so that I can extract his username and maybe policies.
Thank you
Shree
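An added example, not code from this thread, the Okta blog post or the Spring project, of the setup bdemers points to for the login use case described above: the authorization-code callback is left to Spring Security's filter chain (its default path is `/login/oauth2/code/{registrationId}`) rather than a custom `/oauth2/callback` controller, and the controller reads the logged-in user's claims from the `OidcUser` that Spring establishes. It assumes the `spring-boot-starter-oauth2-client` dependency, the standard `spring.security.oauth2.client.*` properties shown in the leading comment (the issuer value is a placeholder), and `WebSecurityConfigurerAdapter`, which is available on both Boot versions discussed in the thread. The `groups` claim is only present if the Okta application or authorization server is configured to emit it.

```java
// Added example (not from the thread, the Okta blog post, or Spring). Assumed
// application.yml, replacing the custom ClientRegistration bean; the issuer is a
// placeholder and the credentials come from environment variables:
//
//   spring:
//     security:
//       oauth2:
//         client:
//           registration:
//             okta:
//               client-id: ${OKTA_CLIENT_ID}
//               client-secret: ${OKTA_CLIENT_SECRET}
//               scope: openid, profile, email
//           provider:
//             okta:
//               issuer-uri: https://<okta-domain>/oauth2/default   # placeholder
//
// With this, Spring Security handles http://localhost:11033/login/oauth2/code/okta,
// which is the redirect URI to register in the Okta application instead of
// /oauth2/callback.
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@Configuration
class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests(authz -> authz
                .antMatchers("/", "/public/**").permitAll()
                .anyRequest().authenticated())
            // An unauthenticated request to a protected endpoint is redirected to Okta;
            // the code exchange, ID token validation and session creation all happen
            // inside Spring Security's OAuth2 login filters, not in application code.
            .oauth2Login();
    }
}

@RestController
class WhoAmIController {

    // Spring injects the OidcUser created at the callback, so the controller never
    // touches the authorization code or the raw tokens.
    @GetMapping("/api/me")
    public Map<String, Object> me(@AuthenticationPrincipal OidcUser user) {
        Map<String, Object> out = new LinkedHashMap<>();
        out.put("subject", user.getSubject());
        out.put("name", user.getFullName());
        out.put("email", user.getEmail());
        // Present only when Okta is configured to add a groups claim to the ID token;
        // getClaimAsStringList returns null otherwise.
        List<String> groups = user.getClaimAsStringList("groups");
        out.put("groups", groups == null ? List.of() : groups);
        return out;
    }
}
```

Authorization decisions ("policies") are then made from the claims or the mapped authorities on the `Authentication`, and the only credential the browser holds is the session cookie; the tokens stay server-side in the `OAuth2AuthorizedClientService`.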