Hello,
This is in reference to an OAuth2 integration using Spring Security and the Okta Spring Boot starter. On accessing a REST endpoint, the app is redirected to Okta, and on successful login there it is redirected back to the app, but to the login?error endpoint, showing invalid credentials. No exception or error is seen in the logs for this, but it still fails for this reason.
server.servlet.context-path: /myapp

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf().disable()
            .cors().and()
            .authorizeRequests()
                .antMatchers("/login**", "/error**").permitAll()
                .anyRequest()
                .authenticated().and()
            .oauth2Login();
    }

    /**
     * Allows access to static resources, bypassing Spring security.
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers(
                // Vaadin Flow static resources //
                "/VAADIN/**",
                "/vaadinServlet/HEARTBEAT/**",
                "/vaadinServlet/UIDL/**",
                // the standard favicon URI
                "/favicon.ico",
                // the robots exclusion standard
                "/robots.txt",
                // web application manifest //
                "/manifest.webmanifest",
                "/sw.js",
                "/offline-page.html",
                // (development mode) static resources //
                "/frontend/**",
                // (development mode) webjars //
                "/webjars/**",
                // (production mode) static resources //
                "/frontend-es5/**", "/frontend-es6/**");
    }
}

Request URL: https://some-domain.com/myapp/login/oauth2/code/okta?code=MLGhyN6ZcT_4xItY0KR6&state=MRNSJ599oZt93_15Oy9wCpBtR1xldjpK2xaysVPNHtk%3D
Request Method: GET
Status Code: 302
location: https://some-domain.com/myapp/login?error
Note - Using Vaadin 8, Spring Boot 2.2.1, okta-spring-boot-starter-1.3.0, spring-security-oauth2-autoconfigure-2.2.1.
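
Added example, not part of the original post and not Okta's or Spring's own code: a 302 to login?error with nothing in the logs is what Spring Security's default failure handler produces, so one way to see the underlying reason is a failure handler that logs the OAuth2 error before redirecting. The class name LoggingOAuth2FailureHandler is hypothetical; the failure URL is the one shown in the post.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;

// Hypothetical class, added for illustration. Wire it in the security config with:
//   .oauth2Login().failureHandler(new LoggingOAuth2FailureHandler());
public class LoggingOAuth2FailureHandler extends SimpleUrlAuthenticationFailureHandler {

    private static final Logger log =
            LoggerFactory.getLogger(LoggingOAuth2FailureHandler.class);

    public LoggingOAuth2FailureHandler() {
        // Keep the same failure URL the post shows in the Location header.
        super("/login?error");
    }

    @Override
    public void onAuthenticationFailure(HttpServletRequest request,
                                        HttpServletResponse response,
                                        AuthenticationException exception)
            throws IOException, ServletException {
        if (exception instanceof OAuth2AuthenticationException) {
            // OAuth2 failures carry a structured error (code, description, URI).
            OAuth2Error error = ((OAuth2AuthenticationException) exception).getError();
            // Log the error fields only; the code and state query parameters
            // are credentials-in-transit and are deliberately not logged.
            log.warn("OAuth2 login failed: errorCode={} description={} uri={}",
                    error.getErrorCode(), error.getDescription(), error.getUri());
        } else {
            // Any other authentication failure: log message and stack trace.
            log.warn("Login failed: {}", exception.getMessage(), exception);
        }
        // Preserve the original behaviour: redirect to the failure URL.
        super.onAuthenticationFailure(request, response, exception);
    }
}
```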