Using Spring security oauth, using a custom OAuth provider, I get [authorization_request_not_found], should I handle the callback method myself?

[愿得一人] 2020-12-19 14:01

Using Spring Security 5 oauth I successfully ran through the whole authentication/authorization cycle using Google as OAuth provider, but I am stuck if I use an OAuth provid

2 Answers
  • 2020-12-19 14:27

    I was able to fix this by forcing a session to be created on the endpoint that redirects to the oauth2 jose flow. Spring's default session creation policy is "if required". My theory was that it was redirecting to the openId flows without first creating a session.

        http.authorizeRequests()
                .mvcMatchers("/<yourProvider>/login")
                    .authenticated()
                .anyRequest()
                    .permitAll()
                .and()
            .sessionManagement()
                // ALWAYS creates a session if none exists (the default is IF_REQUIRED)
                .sessionCreationPolicy(SessionCreationPolicy.ALWAYS)
                .and()
            ...
    

    If anyone has any better ideas or solutions please comment or post.

    Our client is configured to go to the /yourProvider/login in order to authorize.

  • 2020-12-19 14:29

    This error means that the authorization request was not found. The authorization request is stored in the session, so somehow the session is not getting stored. By default, the session is managed by a cookie.

    So I think that might be because you are running everything on localhost, so the first cookie is set by localhost:8080 to store the authorization request session data, and when you log in to localhost:8081 it'll set another cookie for its session.

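The cookie collision described in the second answer can be reproduced with a small model. This is an added example, not code from the thread and not Spring's implementation; the `CookieJar`, `App` and `run_flow` names, the user `alice` and the cookie name `CLIENTSESSION` are constructed for illustration.

```python
import secrets

class CookieJar:
    """Browser-side jar. Per RFC 6265, cookies are scoped by host, not port."""
    def __init__(self):
        self._cookies = {}  # (host, cookie name) -> value

    def set(self, host, name, value):
        self._cookies[(host, name)] = value

    def get(self, host, name):
        return self._cookies.get((host, name))


class App:
    """A server that keeps per-session data, identified by a session cookie."""
    def __init__(self, host, port, cookie_name):
        # The port is recorded but never reaches the jar: that is the problem.
        self.host, self.port, self.cookie_name = host, port, cookie_name
        self.sessions = {}  # session id -> session attributes

    def session(self, jar, create=True):
        sid = jar.get(self.host, self.cookie_name)
        if sid not in self.sessions:
            if not create:
                return None
            sid = secrets.token_hex(8)
            self.sessions[sid] = {}
            jar.set(self.host, self.cookie_name, sid)
        return self.sessions[sid]


def run_flow(client_cookie, provider_cookie):
    jar = CookieJar()
    client = App("localhost", 8080, client_cookie)
    provider = App("localhost", 8081, provider_cookie)

    # 1. Client saves the authorization request in its session, then redirects.
    state = secrets.token_urlsafe(16)
    client.session(jar)["authorization_request"] = {"state": state}

    # 2. User logs in at the provider, which starts its own session.
    provider.session(jar)["user"] = "alice"

    # 3. Callback to the client: look up the saved request via the session cookie.
    session = client.session(jar, create=False)
    saved = (session or {}).get("authorization_request")
    if saved is None or saved["state"] != state:
        return "authorization_request_not_found"
    return "authorized"
```

With the same cookie name on both applications the provider's login overwrites the client's session cookie, and the callback fails; with distinct names it succeeds. In a Spring Boot application the session cookie name is set with `server.servlet.session.cookie.name`, and serving one of the two applications under a different host name also avoids the collision.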