错误认证在迁移到Spring Security 6后 – (缺少client_secret)

huangapple go评论51阅读模式
英文:

Error authenticating after migrating to Spring Security 6 - (Missing client_secret)

问题

  1. 我看到应用程序可以正确从环境变量中检索值。
  2. 这个日志显示字段client_secret被忽略了。
  3. 在这里,我们可以看到以前Spring Security版本成功发出的请求,字段client_secret是存在的。
  4. 这是我的Spring配置。
  5. 这是我的WebSecurityConfig

我尝试以几种方式重写了WebSecurityConfig,但都没有成功。

英文:

I've been migrating my microsservices to Springboot 3.0.2, and now i have to use the spring security version 6, but i'm facing a problem when the request build the request body to OAuth Provider in background, when i see the logs i realized that field client_secret is always forgotten, that why, client_secret is missed in request and Oauth Provider return a 401 UNAUTHORIZED with reason:

Decoded [{error=true, type=invalid_client, message=Missing client_secret parameter, details={name=OAuth2Error, message=Missing client_secret parameter, headers={WWW-Authenticate=Basic realm="Service"}, code=401, error=invalid_client, error_description=Missing client_secret parameter}}]

Its important to say, before migrating to spring security 6, in other words, when i used the spring securty 5.X it was working successfully!

  1. I saw the application can retrieve the values from enviroment variables correctly.

  2. This log shows that field client_secret was ignored.

  3. Here we can see a successfully request by previous spring security version, the field client_secret was present.

  4. Here is my spring configuration

  5. This is my WebSecurityConfig

I tried to rewrite the WebSecurityConfig in several ways, but no one works.

答案1

得分: 0

我相信你可以在你的 application.yml 中用 client_secret_post 替换 post

英文:

I believe you can replace post with client_secret_post in your application.yml.

huangapple
  • 本文由 发表于 2023年2月24日 10:12:16
  • 转载请务必保留本文链接:https://go.coder-hub.com/75552047.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定