I am using https://github.com/pac4j/spring-webflux-pac4j-boot-demo to do an OIDC authentication with Spring Boot and WebFlux using pac4j. I am setting an OIDC client with a custom callback URL.
When you visit /authenticate, you are taken to the IDP provider to log in; after logging in, you are redirected to the callback URL. However, the callback URL returns 404.
The default callback /callback is still working. If you try to send a GET request to /callback, the logs show that the callback logic is executed. Why is the callback URL change (using setCallbackUrl) not working?
2023-01-15 21:27:04.417 DEBUG 442814 --- [or-http-epoll-3] o.p.core.engine.DefaultCallbackLogic : === CALLBACK ===
2023-01-15 21:27:05.995 DEBUG 442814 --- [or-http-epoll-3] o.p.core.engine.DefaultCallbackLogic : foundClient: #OidcClient# |....
...
Pac4jConfig.java [Original file here]
package io.company.auth;

import java.util.Optional;
import org.pac4j.core.client.Clients;
import org.pac4j.core.config.Config;
import org.pac4j.core.matching.matcher.PathMatcher;
import org.pac4j.springframework.web.SecurityFilter;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.server.WebFilter;
import org.pac4j.oidc.client.OidcClient;
import org.pac4j.oidc.config.OidcConfiguration;

@Configuration
// to define the callback and logout controllers
@ComponentScan(basePackages = "org.pac4j.springframework.web")
public class Pac4jConfig {

    @Bean
    public Config config() {
        OidcConfiguration config = new OidcConfiguration();
        config.setClientId("my_client_id");
        config.setSecret("my_secret");
        config.setDiscoveryURI("idp_dicovery_url");
        config.setScope("openid");
        config.setUseNonce(false);
        OidcClient oidcClient = new OidcClient(config);
        oidcClient.setName("ABCDapp");
        oidcClient.setCallbackUrl("http://localhost:8081/api/oidc/cb?client_name=abcd");
        final Clients clients = new Clients("http://localhost:8081/api/oidc/cb?client_name=abcd", oidcClient);
        return new Config(clients);
    }

    @Bean
    public WebFilter protectedFilter() {
        return SecurityFilter.build(config(), new PathMatcher().includePath("/authenticate"));
    }
}
The CallbackController is automatically set on the /callback endpoint. Though, you can change that with the pac4j.callback.path property. See: https://github.com/pac4j/spring-webflux-pac4j/blob/master/src/main/java/org/pac4j/springframework/web/CallbackController.java#L46
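As an added example (not code from the original answer or from the pac4j project): one way to keep the route the CallbackController listens on and the callback URL handed to the client from drifting apart is to build both from the same pac4j.callback.path property. The property name app.base-url is hypothetical, the client id, secret and discovery URL are the question's placeholders, and the callback URL is passed without a hard-coded client_name query string as an assumption of this sketch; the protectedFilter bean from the question is unchanged and omitted here.

```java
package io.company.auth;

import org.pac4j.core.client.Clients;
import org.pac4j.core.config.Config;
import org.pac4j.oidc.client.OidcClient;
import org.pac4j.oidc.config.OidcConfiguration;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;

// application.properties (constructed for this example):
//   pac4j.callback.path=/api/oidc/cb
//   app.base-url=http://localhost:8081     <- hypothetical property name
@Configuration
// to define the callback and logout controllers
@ComponentScan(basePackages = "org.pac4j.springframework.web")
public class Pac4jConfig {

    // Property named in the answer above; /callback is the default route.
    @Value("${pac4j.callback.path:/callback}")
    private String callbackPath;

    // Hypothetical property holding scheme, host and port of this application.
    @Value("${app.base-url:http://localhost:8081}")
    private String baseUrl;

    @Bean
    public Config config() {
        OidcConfiguration oidc = new OidcConfiguration();
        oidc.setClientId("my_client_id");          // placeholder from the question
        oidc.setSecret("my_secret");               // placeholder from the question
        oidc.setDiscoveryURI("idp_dicovery_url");  // placeholder from the question
        oidc.setScope("openid");

        OidcClient oidcClient = new OidcClient(oidc);
        oidcClient.setName("ABCDapp");

        // The URL the IdP redirects to and the path the controller is mapped on
        // now come from one value, so a mismatch cannot produce a 404.
        String callbackUrl = baseUrl + callbackPath;
        return new Config(new Clients(callbackUrl, oidcClient));
    }
}
```

The resulting URL also has to match a redirect URI registered for the client at the IdP.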