I am working on a project that requires Gmail authentication and that can be extended. I was following this tutorial, which has examples for Facebook and GitHub authentication, so I tried the same for Gmail. I am getting the error below, which I cannot resolve; each attempt to fix it produces new exceptions. Kindly help me out, as I believe this is the point where the code is least affected by my additions. With this much config and code, login works for GitHub and Facebook but not for Google.
SocialApplication.java
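/**
 * Spring Boot application that lets users sign in through external OAuth2
 * providers (Facebook, GitHub and Gmail) and exposes the signed-in user's
 * name on {@code /user} and {@code /me}.
 *
 * <p>Each provider is described by a {@link ClientResources} bean bound from a
 * configuration prefix ({@code facebook}, {@code github}, {@code gmail}) and is
 * served by its own login filter under {@code /login/<provider>}.
 */
@SpringBootApplication
@RestController
@EnableOAuth2Client
@EnableAuthorizationServer
@Order(6)
public class SocialApplication extends WebSecurityConfigurerAdapter {

    /** OAuth2 client context injected by Spring and handed to every provider's {@link OAuth2RestTemplate}. */
    @Autowired
    OAuth2ClientContext oauth2ClientContext;

    /**
     * Returns the name of the authenticated caller.
     *
     * @param principal the authenticated principal supplied by Spring Security
     * @return a single-entry map with key {@code "name"}
     */
    @RequestMapping({ "/user", "/me" })
    public Map<String, String> user(Principal principal) {
        Map<String, String> map = new LinkedHashMap<>();
        // Only the name is returned; the rest of the principal stays server-side.
        map.put("name", principal.getName());
        return map;
    }

    /**
     * Configures the browser-facing security chain.
     *
     * <p>The landing page, the {@code /login**} paths and {@code /webjars/**} are
     * open; every other request requires authentication. Unauthenticated
     * requests are sent to {@code "/"}, and the composite SSO filter runs before
     * {@link BasicAuthenticationFilter}.
     *
     * @param http the security builder to configure
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // @formatter:off
        http.antMatcher("/**")
            .authorizeRequests()
                .antMatchers("/", "/login**", "/webjars/**").permitAll()
                .anyRequest().authenticated()
            .and().exceptionHandling()
                .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/"))
            .and().logout()
                .logoutSuccessUrl("/").permitAll()
            // withHttpOnlyFalse() leaves the CSRF cookie readable by page script so
            // the front end can send it back in a request header. Only the CSRF
            // token is exposed this way, not the session cookie.
            .and().csrf()
                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
            .and()
                .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
        // @formatter:on
    }

    /**
     * Resource-server rules for {@code /me}: every request to that path must be
     * authenticated.
     */
    @Configuration
    @EnableResourceServer
    protected static class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

        @Override
        public void configure(HttpSecurity http) throws Exception {
            // @formatter:off
            http.antMatcher("/me").authorizeRequests().anyRequest().authenticated();
            // @formatter:on
        }
    }

    /**
     * Starts the application.
     *
     * @param args command-line arguments passed through to Spring Boot
     */
    public static void main(String[] args) {
        SpringApplication.run(SocialApplication.class, args);
    }

    /**
     * Registers the OAuth2 client context filter with an explicit order.
     *
     * @param filter the filter provided by {@code @EnableOAuth2Client}
     * @return the registration carrying order {@code -100}
     */
    @Bean
    public FilterRegistrationBean oauth2ClientFilterRegistration(OAuth2ClientContextFilter filter) {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(filter);
        // A low order value; presumably chosen so this filter runs ahead of the
        // main Spring Security filter and can handle the provider redirects.
        registration.setOrder(-100);
        return registration;
    }

    /** Provider settings bound from the {@code github} configuration prefix. */
    @Bean
    @ConfigurationProperties("github")
    ClientResources github() {
        return new ClientResources();
    }

    /** Provider settings bound from the {@code facebook} configuration prefix. */
    @Bean
    @ConfigurationProperties("facebook")
    ClientResources facebook() {
        return new ClientResources();
    }

    /**
     * Provider settings bound from the {@code gmail} configuration prefix
     * (added for Gmail). The prefix in the configuration file has to be
     * {@code gmail} for these values to be picked up.
     */
    @Bean
    @ConfigurationProperties("gmail")
    ClientResources gmail() {
        return new ClientResources();
    }

    /**
     * Builds one composite filter holding a login filter per provider.
     *
     * @return the composite filter installed by {@link #configure(HttpSecurity)}
     */
    private Filter ssoFilter() {
        CompositeFilter filter = new CompositeFilter();
        List<Filter> filters = new ArrayList<>();
        filters.add(ssoFilter(facebook(), "/login/facebook"));
        filters.add(ssoFilter(github(), "/login/github"));
        // Added for Gmail.
        filters.add(ssoFilter(gmail(), "/login/gmail"));
        filter.setFilters(filters);
        return filter;
    }

    /**
     * Builds the login filter for a single provider.
     *
     * <p>The provider's user-info endpoint is checked up front. Without it the
     * application would start normally and fail only at login with
     * "Could not obtain user details from token"; the stack trace posted with
     * this code also appears to carry token material in the
     * {@code InvalidTokenException} message, so such logs should be treated as
     * sensitive.
     *
     * @param client the provider's client and resource settings
     * @param path   the login path this filter listens on
     * @return the configured authentication filter
     * @throws IllegalStateException if no {@code resource.userInfoUri} is configured for the provider
     */
    private Filter ssoFilter(ClientResources client, String path) {
        String userInfoUri = client.getResource().getUserInfoUri();
        if (userInfoUri == null || userInfoUri.trim().isEmpty()) {
            // The message names the login path only; no client id or secret is included.
            throw new IllegalStateException(
                    "No resource.userInfoUri configured for the OAuth2 client mapped to " + path);
        }

        OAuth2ClientAuthenticationProcessingFilter oAuth2ClientAuthenticationFilter =
                new OAuth2ClientAuthenticationProcessingFilter(path);
        OAuth2RestTemplate oAuth2RestTemplate = new OAuth2RestTemplate(client.getClient(), oauth2ClientContext);
        oAuth2ClientAuthenticationFilter.setRestTemplate(oAuth2RestTemplate);

        // The same rest template is used for the user-info call.
        UserInfoTokenServices tokenServices =
                new UserInfoTokenServices(userInfoUri, client.getClient().getClientId());
        tokenServices.setRestTemplate(oAuth2RestTemplate);
        oAuth2ClientAuthenticationFilter.setTokenServices(tokenServices);
        return oAuth2ClientAuthenticationFilter;
    }
}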
/**
 * Holder for one OAuth2 provider's settings: the client details used for the
 * authorization-code flow and the resource properties that carry the
 * user-info endpoint. Both objects are created eagerly and exposed through
 * getters only; the {@code @ConfigurationProperties} beans in
 * {@code SocialApplication} return instances of this class.
 */
class ClientResources {

    /** Resource-side settings; {@code SocialApplication} reads the user-info URI from here. */
    private ResourceServerProperties resource = new ResourceServerProperties();

    /** Client-side settings; {@code SocialApplication} reads the client id from here. */
    private OAuth2ProtectedResourceDetails client = new AuthorizationCodeResourceDetails();

    /** @return the provider's resource-server properties */
    public ResourceServerProperties getResource() {
        return this.resource;
    }

    /** @return the provider's OAuth2 client details */
    public OAuth2ProtectedResourceDetails getClient() {
        return this.client;
    }
}
index.html
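<div>
    With Facebook: <a href="/login/facebook">click here</a>
</div>
<div>
    With Github: <a href="/login/github">click here</a>
</div>
<!-- Added for Gmail: the href must match the "/login/gmail" path registered in ssoFilter(). -->
<div>
    With Gmail: <a href="/login/gmail">click here</a>
</div>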
application.yml // skipped the contents for github and fb to save space
# Settings for the `gmail` bean declared with @ConfigurationProperties("gmail").
# NOTE(review): indentation was lost in this listing; presumably the keys below sit under gmail.client - confirm against the real file.
gmail:
client:
client_id: 7xxxxxxxx-1spjexxxxxxxc.apps.googleusercontent.com
scope: https://www.googleapis.com/auth/userinfo.profile
# Keep the real secret out of source control and public posts; supply it from the environment or a secrets store.
client_secret: Xxxxxxx-I*****zx
userAuthorizationUri: https://accounts.google.com/o/oauth2/auth
accessTokenUri: https://accounts.google.com/o/oauth2/token
# NOTE(review): as shown there is no space after the colon; YAML needs "key: value" - confirm against the real file.
auth_provider_x509_cert_url:https://www.googleapis.com/oauth2/v1/certs
# NOTE(review): no resource.userInfoUri appears in this block, yet ssoFilter() passes
# client.getResource().getUserInfoUri() to UserInfoTokenServices.
LOG
org.springframework.security.authentication.BadCredentialsException: Could not obtain user details from token at org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter.attemptAuthentication(OAuth2ClientAuthenticationProcessingFilter.java:122) ~[spring-security-oauth2-2.0.10.RELEASE.jar:na] at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:112) [spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE] at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:112) [spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE] at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200) [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:112) [spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE] at org.springframework.web.filter.CompositeFilter.doFilter(CompositeFilter.java:73) [spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE]
**Caused by: org.springframework.security.oauth2.common.exceptions.InvalidTokenException: ya***********dCCnRbsve3 at org.springframework.boot.autoconfigure.security.oauth2.resource.UserInfoTokenServices.loadAuthentication(UserInfoTokenServices.java:91) ~[spring-boot-autoconfigure-1.4.0.RELEASE.jar:1.4.0.RELEASE] at org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter.attemptAuthentication(OAuth2ClientAuthenticationProcessingFilter.java:112) ~[spring-security-oauth2-2.0.10.RELEASE.jar:na] ... 66 common frames omitted
In the Google API Console, I have set the redirect URL to: localhost:8080/login/gmail
In your application.yml configuration, I couldn't find the userinfo URL defined. I have the following Google config working for me:
# Working provider configuration from the answer.
# NOTE(review): the top-level key here is `google`, while the question's bean is bound with
# @ConfigurationProperties("gmail"); the key and the annotation prefix have to match.
# NOTE(review): indentation was lost in this listing; `client` and `resource` are presumably siblings,
# matching ClientResources.getClient() and getResource() - confirm.
google:
client:
# Placeholder values; keep the real id and secret out of source control and public posts.
clientId: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
clientSecret: YYYYYYYYYYYYYYYYYY
accessTokenUri: https://accounts.google.com/o/oauth2/token
userAuthorizationUri: https://accounts.google.com/o/oauth2/auth
clientAuthenticationScheme: form
scope: profile email
resource:
# The endpoint handed to UserInfoTokenServices in ssoFilter(); the question's config has no such entry.
userInfoUri: https://www.googleapis.com/userinfo/v2/me