
Unable to resolve Configuration with the provided Issuer of my oauth server

Open fishfree opened this issue 1 year ago • 3 comments

docker-compose logs

inception-app-1  | Caused by: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springframework.security.config.annotation.web.configuration.OAuth2ClientConfiguration$OAuth2ClientWebMvcSecurityConfiguration': Unsatisfied dependency expressed through method 'setClientRegistrationRepository' parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'clientRegistrationRepository' defined in class path resource [org/springframework/boot/autoconfigure/security/oauth2/client/servlet/OAuth2ClientRegistrationRepositoryConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository]: Factory method 'clientRegistrationRepository' threw exception; nested exception is java.lang.IllegalArgumentException: Unable to resolve Configuration with the provided Issuer of "https://oauthserver.mycompany.com"
inception-app-1  | 	at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.resolveMethodArguments(AutowiredAnnotationBeanPostProcessor.java:824) ~[spring-beans-5.3.36.jar!/:5.3.36]
inception-app-1  | 	at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:777) ~[spring-beans-5.3.36.jar!/:5.3.36]
inception-app-1  | 	at org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:119) ~[spring-beans-5.3.36.jar!/:5.3.36]
inception-app-1  | 	at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessProperties(AutowiredAnnotationBeanPostProcessor.java:408) ~[spring-beans-5.3.36.jar!/:5.3.36]
inception-app-1  | 	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1431) ~[spring-beans-5.3.36.jar!/:5.3.36]
inception-app-1  | 	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:619) ~[spring-beans-5.3.36.jar!/:5.3.36]
inception-app-1  | 	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:542) ~[spring-beans-5.3.36.jar!/:5.3.36]
inception-app-1  | 	at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:336) ~[spring-beans-5.3.36.jar!/:5.3.36]
inception-app-1  | 	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234) ~[spring-beans-5.3.36.jar!/:5.3.36]
inception-app-1  | 	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:334) ~[spring-beans-5.3.36.jar!/:5.3.36]
inception-app-1  | 	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:209) ~[spring-beans-5.3.36.jar!/:5.3.36]
inception-app-1  | 	at org.springframework.beans.factory.config.DependencyDescriptor.resolveCandidate(DependencyDescriptor.java:276) ~[spring-beans-5.3.36.jar!/:5.3.36]
inception-app-1  | 	at org.springframework.beans.factory.support.DefaultListableBeanFactory.addCandidateEntry(DefaultListableBeanFactory.java:1609) ~[spring-beans-5.3.36.jar!/:5.3.36]
inception-app-1  | 	at org.springframework.beans.factory.support.DefaultListableBeanFactory.findAutowireCandidates(DefaultListableBeanFactory.java:1573) ~[spring-beans-5.3.36.jar!/:5.3.36]
inception-app-1  | 	at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveMultipleBeans(DefaultListableBeanFactory.java:1462) ~[spring-beans-5.3.36.jar!/:5.3.36]
inception-app-1  | 	at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1349) ~[spring-beans-5.3.36.jar!/:5.3.36]
inception-app-1  | 	at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1311) ~[spring-beans-5.3.36.jar!/:5.3.36]
inception-app-1  | 	at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.resolveMethodArguments(AutowiredAnnotationBeanPostProcessor.java:816) ~[spring-beans-5.3.36.jar!/:5.3.36]

I followed the doc and added the configs to the settings.properties file as below:

spring.security.oauth2.client.registration.inception-client.client-name=Inception
spring.security.oauth2.client.registration.inception-client.client-id=inception
spring.security.oauth2.client.registration.inception-client.client-secret=mypassword
spring.security.oauth2.client.registration.inception-client.scope=openid, profile
spring.security.oauth2.client.registration.inception-client.authorization-grant-type=authorization_code
spring.security.oauth2.client.registration.inception-client.redirect-uri=https://inception.mycompany.com/login/oauth2/code/inception-client
spring.security.oauth2.client.provider.inception-client.issuer-uri=https://oauthserver.mycompany.com
spring.security.oauth2.client.provider.inception-client.user-name-attribute=preferred_username

The response of https://oauthserver.mycompany.com/.well-known/openid-configuration is as below:

{
  "issuer": "https://oauthserver.mycompany.com/",
  "authorization_endpoint": "https://oauthserver.mycompany.com/oauth/authorize",
  "token_endpoint": "https://oauthserver.mycompany.com/oauth/token",
  "userinfo_endpoint": "https://oauthserver.mycompany.com/oauth/userinfo",
  "jwks_uri": "https://oauthserver.mycompany.com/oauth/jwks",
  "response_types_supported": [
    "code",
    "id_token",
    "token id_token"
  ],
  "subject_types_supported": [
    "pairwise",
    "public"
  ],
  "id_token_signing_alg_values_supported": [
    "RS256"
  ],
  "scopes_supported": [
    "openid",
    "profile",
    "email"
  ],
  "claims_supported": [
    "sub",
    "name",
    "preferred_username",
    "email",
    "email_verified",
    "locale",
    "profile",
    "updated_at",
    "zoneinfo"
  ]
}

What's wrong with my configurations? Thank you in advance!

fishfree, Jun 20 '24 01:06
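Added example, not part of the original thread or of the project's code: OpenID Connect Discovery 1.0 requires the `issuer` value in the metadata to be identical to the issuer URL the client was configured with, and this Python check applies that exact-match rule to the values quoted in the question. The function names and the trimmed metadata document are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed from the values quoted in the question (metadata trimmed).
CONFIGURED_ISSUER = "https://oauthserver.mycompany.com"
METADATA = json.loads("""{
  "issuer": "https://oauthserver.mycompany.com/",
  "authorization_endpoint": "https://oauthserver.mycompany.com/oauth/authorize",
  "token_endpoint": "https://oauthserver.mycompany.com/oauth/token",
  "jwks_uri": "https://oauthserver.mycompany.com/oauth/jwks",
  "response_types_supported": ["code", "id_token", "token id_token"],
  "subject_types_supported": ["pairwise", "public"],
  "id_token_signing_alg_values_supported": ["RS256"]
}""")

# Provider metadata a client needs for the authorization_code grant used here.
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")

def discovery_urls(issuer):
    """Metadata locations for an issuer: OIDC Discovery, then the RFC 8414 forms."""
    parts = urlsplit(issuer)
    base, path = f"{parts.scheme}://{parts.netloc}", parts.path.rstrip("/")
    urls = [f"{base}{path}/.well-known/openid-configuration",
            f"{base}/.well-known/openid-configuration{path}",
            f"{base}/.well-known/oauth-authorization-server{path}"]
    return list(dict.fromkeys(urls))  # drop duplicates when the issuer has no path

def check_metadata(configured_issuer, metadata):
    """Return findings; an empty list means the document matches the issuer."""
    findings = [f"missing required field: {k}" for k in REQUIRED if k not in metadata]
    advertised = metadata.get("issuer")
    if advertised is None or advertised == configured_issuer:
        return findings
    if advertised.rstrip("/") == configured_issuer.rstrip("/"):
        findings.append(f"issuer differs only by a trailing slash: "
                        f"configured {configured_issuer!r}, advertised {advertised!r}")
    else:
        findings.append(f"issuer mismatch: configured {configured_issuer!r}, "
                        f"advertised {advertised!r}")
    return findings

if __name__ == "__main__":
    for url in discovery_urls(CONFIGURED_ISSUER):
        print("would query:", url)
    for finding in check_metadata(CONFIGURED_ISSUER, METADATA):
        print("finding:", finding)
```

The comparison is a plain string equality on purpose: normalising the two values before comparing would hide exactly the kind of difference the issuer check exists to catch.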

The issuer URI in our example is

spring.security.oauth2.client.provider.inception-client.issuer-uri=http://localhost:8180/realms/inception-demo

In your configuration, you just used

spring.security.oauth2.client.provider.inception-client.issuer-uri=https://oauthserver.mycompany.com

i.e. you did not address the authentication realm.

What authentication server are you using?

reckart, Jun 20 '24 19:06

@reckart Thank you! Mine is a Drupal module, simple_oauth, which does not seem to support the realm feature.

fishfree, Jun 21 '24 06:06

The response that you should get from the issuer URL is something like:

{
  "realm": "inception-demo",
  "public_key": "MIIxxx",
  "token-service": "http://localhost:8180/realms/inception-demo/protocol/openid-connect",
  "account-service": "http://localhost:8180/realms/inception-demo/account",
  "tokens-not-before": 0
}

reckart, Jun 21 '24 06:06

There was no further feedback. I assume the issue has been resolved.

reckart, Jul 08 '24 19:07