Reputation: 119
I'm building a web MVC app with Azure as Identity Provider and I'm getting the following error:
[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource: I/O error on GET request for "https://graph.microsoft.com/oidc/userinfo": graph.microsoft.com
[nio-8080-exec-3] o.s.web.client.RestTemplate : HTTP GET https://graph.microsoft.com/oidc/userinfo
[nio-8080-exec-3] o.s.web.client.RestTemplate : Accept=[application/json, application/*+json]
[nio-8080-exec-3] .s.a.DefaultAuthenticationEventPublisher : No event was found for the exception org.springframework.security.oauth2.core.OAuth2AuthenticationException
[nio-8080-exec-3] o.s.s.web.DefaultRedirectStrategy : Redirecting to /login?error
Am I missing something?
spring.security.oauth2.client.provider.azure.issuer-uri=https://login.microsoftonline.com/XXXX/v2.0
spring.security.oauth2.client.registration.myapp.client-name=XXXX
spring.security.oauth2.client.registration.myapp.client-id=XXXX
spring.security.oauth2.client.registration.myapp.client-secret=XXXX
spring.security.oauth2.client.registration.myapp.provider=azure
spring.security.oauth2.client.registration.myapp.redirect-uri=http://localhost:8080/login/oauth2/code/
spring.security.oauth2.client.registration.myapp.scope=openid, profile, User.Read
spring.security.oauth2.client.registration.myapp.authorization-grant-type=authorization_code
Upvotes: 0
Views: 4183
Reputation: 119
For some reason the proxy server configured on my machine was not able to resolve the DNS name graph.microsoft.com, and I was getting the message "invalid_user_info_response". To fix it, you need to make sure that your machine is able to reach graph.microsoft.com.
Upvotes: 1
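A way to run the reachability check this answer recommends, as an added example that is not part of the original thread: it sends one unauthenticated GET to each endpoint host from the configuration on this page, using the JVM's default proxy selection. It assumes the application's `RestTemplate` uses the default JDK `HttpURLConnection` transport; the class name `OidcEndpointCheck` and the 5-second timeout are illustrative.

```java
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.Proxy;
import java.net.ProxySelector;
import java.net.URI;
import java.net.UnknownHostException;
import java.util.List;

// Added diagnostic, not code from the thread. Run it with the same JVM proxy
// options (-Dhttps.proxyHost=..., -Dhttps.proxyPort=...) as the application.
public class OidcEndpointCheck {

    // Hosts taken from the configuration on this page. The tenant id is left
    // out because only reachability of each host is being tested.
    static final List<URI> ENDPOINTS = List.of(
            URI.create("https://login.microsoftonline.com/"),
            URI.create("https://graph.microsoft.com/oidc/userinfo"));

    // Sends one unauthenticated GET and reports which stage failed, if any.
    static String check(URI endpoint, int timeoutMs) {
        // Proxy the JVM's default selector picks for this URI (DIRECT if none).
        Proxy proxy = ProxySelector.getDefault().select(endpoint).get(0);
        String route = endpoint.getHost() + " via " + proxy + ": ";
        try {
            HttpURLConnection c = (HttpURLConnection) endpoint.toURL().openConnection();
            c.setConnectTimeout(timeoutMs);
            c.setReadTimeout(timeoutMs);
            c.setInstanceFollowRedirects(false);
            int status = c.getResponseCode();
            c.disconnect();
            // Any HTTP status, including an error status for the missing token,
            // proves that DNS, the proxy and TLS all worked for this host.
            return route + "REACHABLE (HTTP " + status + ")";
        } catch (UnknownHostException e) {
            return route + "DNS FAILED for " + e.getMessage();
        } catch (IOException e) {
            // Covers proxy tunnel errors, timeouts and TLS handshake failures.
            return route + "I/O FAILED: " + e.getClass().getSimpleName() + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        for (URI endpoint : ENDPOINTS) {
            System.out.println(check(endpoint, 5000));
        }
    }
}
```

If login.microsoftonline.com is reachable and graph.microsoft.com is not, the sign-in and token exchange succeed and only the UserInfo call fails, which matches the log in the question.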
Reputation: 22397
I tried to reproduce the same in my environment via Postman and got the results below:
I created one Azure AD application and granted permissions like below:
To get the code, I used the authorization request below:
https://login.microsoftonline.com/tenantID/oauth2/v2.0/authorize?
client_id=client_id
&response_type=code
&redirect_uri=redirect_uri
&response_mode=query
&scope=openid profile user.read
&state=12345
When I ran the above request in a browser, I got a consent screen like below:
After accepting the above consent, I got the code in the address bar like below:
To generate an access token, I used the parameters below and got a token like this:
POST https://login.microsoftonline.com/TenantID/oauth2/v2.0/token
grant_type:authorization_code
client_id:client_id
client_secret:client_secret
scope:openid profile user.read
code:code
redirect_uri:redirect_uri
When I used the above token to get user info data, I got the response successfully like below:
GET https://graph.microsoft.com/oidc/userinfo
Response:
In your scenario, make sure to include the parameters below in your code:
spring.security.oauth2.client.registration.azure.client-id: xxx
spring.security.oauth2.client.registration.azure.client-secret: xxx
spring.security.oauth2.client.registration.azure.client-name: App Name
spring.security.oauth2.client.registration.azure.client-authentication-method: basic
spring.security.oauth2.client.registration.azure.provider: azure
spring.security.oauth2.client.registration.azure.scope: openid profile user.read
spring.security.oauth2.client.registration.azure.redirect-uri: http://localhost:8080/login/oauth2/code/azure
spring.security.oauth2.client.registration.azure.authorization-grant-type: authorization_code
spring.security.oauth2.client.provider.azure.issuer-uri: https://login.microsoftonline.com/<tenant id>/v2.0
spring.security.oauth2.client.provider.azure.authorization-uri: https://login.microsoftonline.com/<tenant id>/oauth2/v2.0/authorize
spring.security.oauth2.client.provider.azure.user-info-uri: https://graph.microsoft.com/oidc/userinfo
spring.security.oauth2.client.provider.azure.token-uri: https://login.microsoftonline.com/<tenant id>/oauth2/v2.0/token
spring.security.oauth2.client.provider.azure.jwk-set-uri: https://login.microsoftonline.com/<tenant id>/v2.0/keys
spring.security.oauth2.client.provider.azure.user-name-attribute: name
To know more in detail, please refer to the link below:
Spring security using OAuth2 with Microsoft - AzureAD
Upvotes: 1