Springboot Oauth2 authorization server /oauth2/token path not found 404


I've installed the dependencies for the new Spring Security OAuth2 Authorization Server, and everything is running well. I can get an authorization code from this endpoint with these parameters:

http://127.0.0.1:8080/oauth2/authorize?client_id=client&redirect_uri=redirect_uri&code_challenge=code&code_challenge_method=S256&response_type=code&scope=openid

But when I try to get the access token, the server returns a 404 Not Found status on this endpoint:

http://127.0.0.1:8080/oauth2/token?client_id=client&redirect_uri=redirect_uri&code_verifier=code&grant_type=authorization_code&code=code

So I don't know if I'm missing something in my config.

this is my Authorization server config

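/**
 * Spring configuration for the OAuth2 authorization server: protocol endpoint
 * filter chain, JDBC-backed authorization/consent/client storage, and the JWK
 * source used for signing and decoding tokens.
 */
@Configuration
@RequiredArgsConstructor
public class AuthorizationServerConfig {
    /**
     * Client identifier of the bootstrap client. The same value is used for the
     * existence lookup and for the registration so the two cannot drift apart.
     */
    private static final String CLIENT_ID = "client";

    private final PasswordEncoder passwordEncoder;

    /**
     * Filter chain for the authorization server protocol endpoints.
     *
     * <p>Runs at {@code Ordered.HIGHEST_PRECEDENCE}, so it is consulted before the
     * application's other filter chains. Unauthenticated requests are redirected
     * to {@code /login}.
     *
     * <p>NOTE(review): in Spring Authorization Server the token endpoint filter
     * matches {@code POST /oauth2/token} only. A GET request to that path is not
     * handled by this chain and falls through to the application chain, which can
     * surface as a 404 - confirm against the library version in use. Per RFC 6749
     * the token request carries {@code grant_type}, {@code code},
     * {@code redirect_uri} and {@code code_verifier} in a form-encoded body, with
     * the client authenticating as configured below (HTTP Basic). Keeping
     * {@code code} and {@code code_verifier} out of the query string also keeps
     * them out of access logs and browser history.
     *
     * @param http the security builder supplied by Spring
     * @return the built authorization server filter chain
     * @throws Exception if the chain cannot be built
     */
    @Bean
    @Order(Ordered.HIGHEST_PRECEDENCE)
    public SecurityFilterChain securityFilterChainAs(HttpSecurity http) throws Exception {
        OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
        http.exceptionHandling(exceptions -> exceptions.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login")));
        return http.formLogin().and().build();
    }

    /**
     * Stores issued authorizations (codes, tokens) through JDBC.
     *
     * @param jdbcTemplate               JDBC access to the authorization tables
     * @param registeredClientRepository client lookup used when loading authorizations
     * @return the JDBC-backed authorization service
     */
    @Bean
    public OAuth2AuthorizationService authorizationService(JdbcTemplate jdbcTemplate, RegisteredClientRepository registeredClientRepository) {
        return new JdbcOAuth2AuthorizationService(jdbcTemplate, registeredClientRepository);
    }

    /**
     * Stores user consent decisions through JDBC.
     *
     * @param jdbcTemplate               JDBC access to the consent table
     * @param registeredClientRepository client lookup used when loading consents
     * @return the JDBC-backed consent service
     */
    @Bean
    public OAuth2AuthorizationConsentService authorizationConsentService(JdbcTemplate jdbcTemplate, RegisteredClientRepository registeredClientRepository) {
        return new JdbcOAuth2AuthorizationConsentService(jdbcTemplate, registeredClientRepository);
    }

    /**
     * Creates the JDBC client repository and registers the bootstrap client once.
     *
     * <p>The lookup uses the same client id that is registered. Looking up a
     * different identifier than the one stored would never find the row, so every
     * start would build a new client with a fresh primary key and attempt to
     * insert a second {@code "client"} entry.
     *
     * @param jdbcTemplate JDBC access to the registered client table
     * @return the repository, containing the bootstrap client
     */
    @Bean
    public RegisteredClientRepository registeredClientRepository(JdbcTemplate jdbcTemplate) {
        RegisteredClientRepository repository = new JdbcRegisteredClientRepository(jdbcTemplate);

        // Only write when the client is absent; an existing row is left untouched.
        if (repository.findByClientId(CLIENT_ID) == null) {
            RegisteredClient client = RegisteredClient.withId(UserIdGenerator.generateClientId())
                    .clientId(CLIENT_ID)
                    // SECURITY: hard-coded placeholder secret. Supply the real value from
                    // external configuration or a secret store; only the encoded form is stored.
                    .clientSecret(passwordEncoder.encode("password"))
                    // Confidential client: the token request must authenticate with HTTP Basic.
                    .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
                    .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                    .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
                    // The redirect_uri sent by the client has to match this registered value.
                    .redirectUri("http://127.0.0.1:4200/authorized")
                    .scope(OidcScopes.OPENID)
                    .scope("read")
                    .scope("write")
                    // NOTE(review): no client settings are given, so PKCE is presumably
                    // checked only when the request carries a code_challenge - confirm
                    // whether this client should require a proof key.
                    .build();
            repository.save(client);
        }
        return repository;
    }

    /**
     * Exposes the signing key set to the authorization server.
     *
     * <p>NOTE(review): {@code Jwks.generateRsa()} presumably creates a new RSA key
     * pair in memory each time this bean is built, so tokens signed before a
     * restart would no longer verify afterwards - confirm, and load a persisted
     * key for anything beyond local testing.
     *
     * @return a JWK source backed by a single RSA key
     */
    @Bean
    public JWKSource<SecurityContext> jwkSource() {
        RSAKey rsaKey = Jwks.generateRsa();
        JWKSet jwkSet = new JWKSet(rsaKey);
        return (jwkSelector, securityContext) -> jwkSelector.select(jwkSet);
    }

    /**
     * Builds the JWT decoder from the same key source used for signing.
     *
     * @param jwkSource the key source defined by {@link #jwkSource()}
     * @return the decoder provided by the authorization server configuration
     */
    @Bean
    public JwtDecoder jwtDecoder(JWKSource<SecurityContext> jwkSource) {
        return OAuth2AuthorizationServerConfiguration.jwtDecoder(jwkSource);
    }

    /**
     * Provider settings built with no overrides, i.e. the library defaults.
     *
     * @return the default provider settings
     */
    @Bean
    public ProviderSettings providerSettings() {
        return ProviderSettings.builder().build();
    }
}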

Default security config

/**
 * Application-level web security: form login, logout, HTTP Basic, and the
 * DAO-based authentication provider.
 */
@EnableWebSecurity
@Configuration(proxyBeanMethods = true)
@RequiredArgsConstructor
public class DefaultSecurityConfig {
    private final PasswordEncoder passwordEncoder;
    private final UserManager userManager;
    private final CustomAccessDeniedHandler accessDeniedHandler;
    // Injected but not referenced anywhere in this class as shown.
    private final CustomLoginSuccessHandler loginSuccessHandler;
    private final CustomLogoutSuccessHandler logoutSuccessHandler;
    private final CustomAuthenticationFailureHandler authenticationFailureHandler;

    /**
     * Builds the authentication manager from the shared builder, registering the
     * DAO provider defined in this class.
     *
     * @param http the security builder holding the shared {@code AuthenticationManagerBuilder}
     * @return the built authentication manager
     * @throws Exception if the manager cannot be built
     */
    @Bean
    public AuthenticationManager authManager(HttpSecurity http) throws Exception {
        return http.getSharedObject(AuthenticationManagerBuilder.class)
                .authenticationProvider(authenticationProvider())
                .build();
    }

    /**
     * Filter chain for the application itself.
     *
     * <p>{@code /exposed/**} and the static resource paths are open to everyone;
     * every other request requires authentication. HTTP Basic is accepted in
     * addition to the form login page at {@code /login}.
     *
     * @param http the security builder supplied by Spring
     * @return the built application filter chain
     * @throws Exception if the chain cannot be built
     */
    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
                .authorizeHttpRequests(requests -> requests
                        .antMatchers("/exposed/**").permitAll()
                        .antMatchers("/resources/**", "/js/**", "/webjars/**","/images/**", "/css/**").permitAll()
                        .anyRequest().authenticated())
                .exceptionHandling(handling -> handling.accessDeniedHandler(accessDeniedHandler))
                .formLogin(login -> login
                        .loginPage("/login")
                        .failureHandler(authenticationFailureHandler)
                        .permitAll())
                .logout(signOut -> signOut
                        .permitAll()
                        .logoutSuccessHandler(logoutSuccessHandler))
                // NOTE(review): Basic credentials accompany every request, so this
                // chain should only be reachable over TLS.
                .httpBasic();
        return http.build();
    }

    /**
     * Authentication provider that loads users through {@code userManager} and
     * checks passwords with the injected encoder.
     *
     * @return the configured DAO authentication provider
     */
    @Bean
    public DaoAuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(userManager);
        provider.setPasswordEncoder(passwordEncoder);
        return provider;
    }
}

just ask a question containing code blocks
