英文:
Error authenticating after migrating to Spring Security 6 - (Missing client_secret)
问题
- 我看到应用程序可以正确从环境变量中检索值。
- 这个日志显示字段client_secret被忽略了。
- 在这里,我们可以看到以前Spring Security版本成功发出的请求,字段client_secret是存在的。
- 这是我的Spring配置。
- 这是我的WebSecurityConfig
我尝试以几种方式重写了WebSecurityConfig,但都没有成功。
英文:
I've been migrating my microsservices to Springboot 3.0.2, and now i have to use the spring security version 6, but i'm facing a problem when the request build the request body to OAuth Provider in background, when i see the logs i realized that field client_secret is always forgotten, that why, client_secret is missed in request and Oauth Provider return a 401 UNAUTHORIZED with reason:
Decoded [{error=true, type=invalid_client, message=Missing client_secret parameter, details={name=OAuth2Error, message=Missing client_secret parameter, headers={WWW-Authenticate=Basic realm="Service"}, code=401, error=invalid_client, error_description=Missing client_secret parameter}}]
Its important to say, before migrating to spring security 6, in other words, when i used the spring securty 5.X it was working successfully!
I tried to rewrite the WebSecurityConfig in several ways, but no one works.
答案1
得分: 0
我相信你可以在你的 application.yml
中用 client_secret_post
替换 post
。
英文:
I believe you can replace post
with client_secret_post
in your application.yml
.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论