Spring Boot application is not able to validate the token returned from Okta

I have a SPA in React which is calling a service (written in Spring Boot), passing the access token. In the Spring Boot service I have enabled the resource server (@EnableResourceServer) and added the property security.oauth2.resource.user-info-uri=https://dev-251759.okta.com/oauth2/default/v1/userinfo
But Spring Boot complains of an invalid token, and there is also a timeout while connecting to the user-info-uri. Please suggest what needs to be done. Below are the error logs.

2019-06-03 14:33:58 WARN o.s.b.a.s.o.r.UserInfoTokenServices - Could not fetch user details: class org.springframework.web.client.ResourceAccessException, I/O error on GET request for “https://dev-251759.okta.com/oauth2/default/v1/userinfo”: Connection timed out: connect; nested exception is java.net.ConnectException: Connection timed out: connect
2019-06-03 14:33:58 DEBUG o.s.b.a.s.o.r.UserInfoTokenServices - userinfo returned error: Could not fetch user details
2019-06-03 14:33:58 DEBUG o.s.s.o.p.a.OAuth2AuthenticationProcessingFilter - Authentication request failed: error=“invalid_token”, error_description=“eyJraWQiOiJOVndBanAxcS14TFFaUG5hRFRXZ0Y3WnFOcTRDaVlzcFBSamViVEJtQ2VBIiwiYWxnIjoiUlMyNTYifQ.eyJ2ZXIiOjEsImp0aSI6IkFULnpITGxHbVpHb01iU1FyRlRac0V2MFhxMXcwT2JoWkR5ZGQwN2VzR21ka2ciLCJpc3MiOiJodHRwczovL2Rldi0yNTE3NTkub2t0YS5jb20vb2F1dGgyL2RlZmF1bHQiLCJhdWQiOiJhcGk6Ly9kZWZhdWx0IiwiaWF0IjoxNTU5NTk3Mzg0LCJleHAiOjE1NTk2ODM3ODQsImNpZCI6IjBvYW4wcDEyanlMMkNLS2ZmMzU2IiwidWlkIjoiMDB1bjBsa3Y4MkV6RnJZRkUzNTYiLCJzY3AiOlsicHJvZmlsZSIsImVtYWlsIiwib3BlbmlkIl0sInN1YiI6ImRhdmlkaGNtZXhAZ21haWwuY29tIn0.DE3rhRvNP4hUxzFgHpqFToagKAgy8qWIfqp1EqnPsss7TaCIA_ZKyY2XPpPaiougvGdIBFwzSiqEbMok86J34CaeWJbSf21KA3Dcl8TrZfRTinCdD63s08BAEJi9I30eCcrCMq22GVLWW-c-TE5Jk1yIlo98jyoZq52ytv2kG3zuSqYtdNtv46CqfrmcY4t6sxv4F2qEYuoyCy5WH7fB_PvuqIlbfVPYrlPKHURMfLgRY6MzPxRyOn5ajdIsxOPYcnCTPyObtyUAkwGBL2vAUKDk60mkTU-_oYaWuw-v38G0-MFCWRqTbrfXbCygHxy-3P3_Cdfk7QSH5DnJyDAU3w”
2019-06-03 14:33:58 DEBUG o.s.s.w.h.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@54be30ae

It looks like your outbound connection to Okta is timing out. Or it could be blocked by your firewall. Or maybe you have a proxy that needs to be configured?

Thanks @mraible. I am able to invoke the URL "https://dev-251759.okta.com/oauth2/default/v1/userinfo" with the token using Postman, but it fails when I do it from the Spring Boot service. Can you point me to what to look for?

Hey @Rajeev!

A couple of questions: which version of Spring Security (or Spring Boot) are you using?
Where is your server located? Are you on a corporate network? Do they have any firewalls or smart network virus scanners?

@bdemers I am using the dependency below. The problem is solved, it's a proxy problem. Thanks @mraible and @bdemers for your help.



Thanks @Rajeev for following up!