I want my Spring Boot app to leverage Spring Security and OAuth2 capabilities to authenticate using a Keycloak server at https://auth.mycompanytest.com/
My initial attempt sends the user to:
https://auth.mycompanytest.com/auth/realms/MycompanyProfiling/protocol/openid-connect/auth?response_type=code&client_id=my-app&state=3fleTCJg4dBwJNjAnbkuq9m2Lwfm7_KwcOsOvO5k2nM=&redirect_uri="http://localhost:8080/login/oauth2/code/keycloak"
Keycloak then says Invalid parameter: redirect_uri
I have tried these things for redirect_uri: http://localhost:8080/* https://mycompanytest.com/*
But it doesn't care.
Snippet of application.properties:
spring.security.oauth2.client.registration.keycloak.client-id= ${KEYCLOAK_CLIENT_ID}
spring.security.oauth2.client.registration.keycloak.client-secret= ${KEYCLOAK_CLIENT_SECRET}
spring.security.oauth2.client.registration.keycloak.provider=keycloak
spring.security.oauth2.client.registration.keycloak.authorization-grant-type=authorization_code
spring.security.oauth2.client.registration.keycloak.redirect-uri="{baseUrl}/login/oauth2/code/keycloak"
spring.security.oauth2.client.provider.keycloak.token-uri=http://localhost:8080/auth/realms/MyRealm/protocol/openid-connect/token
spring.security.oauth2.client.provider.keycloak.authorization-uri=https://auth.mycompanytest.com/auth/realms/MyRealm/protocol/openid-connect/auth
spring.security.oauth2.client.provider.keycloak.user-info-uri= http://localhost:8080/auth/realms/MyRealm/protocol/openid-connect/userinfo
spring.security.oauth2.client.provider.keycloak.user-name-attribute=preferred_username
spring.application.name=my-app
spring.security.oauth2.resourceserver.jwt.issuer-uri=http://localhost:8080/auth/realms/mycompany
*In the interest of privacy and anonymity I substitute MyCompany, MyRealm, MyApp (etc) in place of the real application.*
CodePudding user response:
See the redirect_uri parameter: "http://localhost:8080/login/oauth2/code/keycloak". It is a URL-encoded value, so the decoded value is "http://localhost:8080/login/oauth2/code/keycloak" - please note that you have " in the redirect URL, so it can't match the value which you allowed in the client configuration: http://localhost:8080/*
I guess the problem is your config:
spring.security.oauth2.client.registration.keycloak.redirect-uri="{baseUrl}/login/oauth2/code/keycloak"
I would try:
spring.security.oauth2.client.registration.keycloak.redirect-uri={baseUrl}/login/oauth2/code/keycloak
OR
spring.security.oauth2.client.registration.keycloak.redirect-uri=http://localhost:8080/login/oauth2/code/keycloak
Target is to remove quotes (") from the redirect_uri parameter.
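The mismatch described in the answer, traced end to end as an added example (not code from the question or the answer). It assumes `java.util.Properties` as a stand-in for the loader that reads application.properties, and `allowed` is a simplified model of matching against a client's valid redirect URIs (exact match, or prefix match for a trailing `*`); the class name is hypothetical.

```java
import java.io.IOException;
import java.io.StringReader;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.Properties;

public class RedirectUriQuoteCheck {
    static final String KEY =
        "spring.security.oauth2.client.registration.keycloak.redirect-uri";

    // .properties syntax has no string quoting: a double quote is an ordinary character.
    static String load(String line) throws IOException {
        Properties p = new Properties();
        p.load(new StringReader(line));
        return p.getProperty(KEY);
    }

    // Assumption: simplified redirect URI check, exact or prefix when the pattern ends in '*'.
    static boolean allowed(String redirectUri, List<String> patterns) {
        for (String pattern : patterns) {
            if (pattern.endsWith("*")
                    ? redirectUri.startsWith(pattern.substring(0, pattern.length() - 1))
                    : redirectUri.equals(pattern)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws IOException {
        String baseUrl = "http://localhost:8080"; // what {baseUrl} expanded to in the question
        List<String> patterns = List.of("http://localhost:8080/*"); // pattern tried in the question
        String[] lines = {
            KEY + "=\"{baseUrl}/login/oauth2/code/keycloak\"", // as posted in the question
            KEY + "={baseUrl}/login/oauth2/code/keycloak"      // as suggested in the answer
        };
        for (String line : lines) {
            String value = load(line).replace("{baseUrl}", baseUrl);
            // How the value appears in the authorization request's query string.
            String onWire = URLEncoder.encode(value, StandardCharsets.UTF_8);
            System.out.printf("value:   %s%non wire: %s%nallowed: %b%n%n",
                    value, onWire, allowed(value, patterns));
        }
    }
}
```

Because the quoted value begins with `"` rather than `http://`, no prefix pattern on the client can match it, which is why changing the allowed redirect URIs in Keycloak had no effect.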