Reputation: 423
Spring Security oauth2 client - problem with Twitter
I want to add Twitter oAuth2 to my application. Earlier I added Facebook and google with success - I didn't have to add provider.
When i try to add twitter data to application.properties file and run server i get error:
Error starting Tomcat context. Exception: org.springframework.beans.factory.UnsatisfiedDependencyException. Message: Error creating bean with name 'securityConfig': Unsatisfied dependency expressed through method 'setContentNegotationStrategy' parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration$EnableWebMvcConfiguration': Unsatisfied dependency expressed through method 'setConfigurers' parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springframework.security.config.annotation.web.configuration.OAuth2ClientConfiguration$OAuth2ClientWebMvcSecurityConfiguration': Unsatisfied dependency expressed through method 'setClientRegistrationRepository' parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springframework.boot.autoconfigure.security.oauth2.client.servlet.OAuth2ClientRegistrationRepositoryConfiguration': Unsatisfied dependency expressed through constructor parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'spring.security.oauth2.client-org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties': Invocation of init method failed; nested exception is java.lang.IllegalStateException: Client id must not be empty.
This is my configuration:
spring.security.oauth2.client.registration.facebook.clientId=<SECRET>
spring.security.oauth2.client.registration.facebook.clientSecret=<SECRET>
spring.security.oauth2.client.registration.facebook.redirect-uri=http://localhost:8080/oauth2/callback/facebook
spring.security.oauth2.client.registration.facebook.scope=public_profile email
spring.security.oauth2.client.registration.twitter.clientId=<SECRET>
spring.security.oauth2.client.registration.twitter.clientSecret=<SECRET>
spring.security.oauth2.client.registration.twitter.redirect-uri=http://localhost:8080/oauth2/callback/twitter
spring.security.oauth2.client.registration.twitter.provider=twitter
spring.security.oauth2.client.registration.twitter.authorization-grant-type=token
spring.security.oauth2.client.provider.twitter.token-uri=https://api.twitter.com/oauth/token
spring.security.oauth2.client.provider.twitter.authorization-uri=https://api.twitter.com/oauth/authorize
spring.security.oauth2.client.provider.twitter.user-info-uri=https://api.twitter.com/oauth/request_token
I add client ID so where is problem. And I hope I correct add oauth urls to configuration.
@Update I found problem :) Typo in here:
spring.security.oauth2.client.registration.twiter.authorization-grant-type=token
@UPDATE Now i have another problem, this is my configuration:
spring.security.oauth2.client.registration.twitter.client-id=<SECRET>
spring.security.oauth2.client.registration.twitter.clientSecret=<SECRET>
spring.security.oauth2.client.registration.twitter.redirect-uri=http://localhost:8080/oauth2/callback/twitter
spring.security.oauth2.client.registration.twitter.authorization-grant-type=authorization_code
spring.security.oauth2.client.provider.twitter.token-uri=https://api.twitter.com/oauth/access_token
spring.security.oauth2.client.provider.twitter.authorization-uri=https://api.twitter.com/oauth/authorize
And after i call: http://127.0.0.1:8080/oauth2/authorization/twitter i see this:
Upvotes: 16
Views: 3666
Answers (2)
Reputation: 439
Try to change the grant_type as client_credentials and/or changing the oauth token url to https://api.twitter.com/oauth2/token.
Additionally, there are some of the below sites which you can go through to interact with Twitter via Spring's social provider api.
https://docs.spring.io/spring-social-twitter/docs/current/reference/htmlsingle/
https://developer.twitter.com/en/docs/basics/authentication/api-reference/token
Upvotes: 0
Reputation: 8205
Your question is about using oauth2 client with Twitter and is not possible. Twitter does not support Oauth 2.0 flows involving user.
It only supports the application only OAuth 2.0 Bearer Token:
OAuth 2.0 Bearer Token is the application-only authentication method for authenticating with the Twitter API. As this method is specific to the application, it does not involve any users
https://developer.twitter.com/en/docs/basics/authentication/oauth-2-0
For flows involving end user, it uses Oauth 1.0a https://developer.twitter.com/en/docs/basics/authentication/oauth-1-0a
As you can see in the diagram below, Oauth 1.0a flow, your application first needs to talk to Authorisation Server to get a request token and pass that token when redirecting the user to authorisation server. And it is the token, that twitter is complaining as missing because it is Oauth 1.0a. I.e you are doing step B without step A.
Diagram Reference
Upvotes: 1
Related Questions
- Post a Tweet with twitter4j
- OAuth 1.0 "Could not authenticate you."
- Spring Security login Twitter return 403 Forbidden
- Browser does not redirects me to Twitter for authorization
- Accessing Twitter Data - Failed authentication with valid credentials
- Spring-Social sign-in not working properly
- Java twitter OAuth, Failed to validate oauth signature
- Problem in Oauth with twitter4j
- Signing in via Twitter OAuth doesn't remember authorization
- Twitter OAuth Problem