Hi! Is it possible to disable the redirect to oauth2/authorization/{registrationId} in the OAuth2 flow? I have the following properties for the OAuth2 flow in Spring Cloud Gateway, but nowhere did I specify the URL oauth2/authorization/{registrationId}:
security:
  oauth2:
    client:
      registration:
        smart_hub_client:
          provider: wso2is
          client-id: gateway
          client-secret: secret
          authorization-grant-type: authorization_code
          redirect-uri: "{baseUrl}/redirect_uri"
          scope: openid
      provider:
        wso2is:
          authorization-uri: http://localhost:8090/uaa/oauth/authorize
          token-uri: http://uaa:8090/uaa/oauth/token
          user-info-uri: http://uaa:8090/uaa/userinfo
          user-name-attribute: sub
          jwk-set-uri: http://uaa:8090/uaa/token_keys
But I see it in my request chain:
The request URL from the screenshot is: https://uaa:8090/oauth2/authorization/smart_hub_client
Comment From: eleftherias
Hi, @SMakhrov. I saw your SO post, please avoid cross-posting support requests. StackOverflow is a great place for help, and team members all allocate dedicated time to be on there answering questions. Posting there will make it clearer for community members who run into similar issues.
For reference, here is the original SO post: https://stackoverflow.com/questions/65136895/disable-redirect-to-oauth2-authorization-registrationid-in-oauth2-client-flow
Comment From: SMakhrov
@eleftherias, after investigation with colleagues it looks like a bug.
Initial conditions:
Origin resource: https://origin
Spring Cloud Gateway as reverse proxy: https://gateway
OAuth2 server (WSO2): https://authserver
I have pure Spring Cloud Gateway and only this config:
application.yaml
server:
  port: 80
spring:
  cloud:
    gateway:
      default-filters:
        - TokenRelay
      routes:
        - id: root
          uri: https://origin
          predicates:
            - Path=/**
          filters:
            - RemoveRequestHeader=Cookie
  security:
    oauth2:
      client:
        registration:
          smart_hub_client:
            provider: wso2is
            client-id: myclientid
            client-secret: mysecret
            authorization-grant-type: authorization_code
            redirect-uri: "{baseUrl}/redirect_uri"
            scope: sso,openid
        provider:
          wso2is:
            authorization-uri: https://authserver/oauth2/authorize?loginPage=login.jsp
            token-uri: https://authserver/oauth2/token
            user-info-uri: https://authserver/oauth2/userinfo
            user-name-attribute: sub
            jwk-set-uri: https://authserver/oauth2/jwks
Additional info: https://authserver (WSO2) has a registered callback for the gateway (Spring Cloud Gateway): https://gateway/redirect_uri
Expected behaviour:
1. Request to https://gateway/index.html [Request for target page]
2. Redirect to https://gateway/login.html [Login page]
3. Entering credentials
4. Redirect to https://authserver/oauth2/authorize?sessionDataKey=1395e077-fd53-4bf2-b687-62b99cbe4ba9 [Request for auth code]
5. Redirect to https://gateway/redirect_uri?code=3c073c5b-7053-3c51-b596-703a1a05a94f&state=whFXtmq6A_CFNutF5lF3ra5AC_uV9XUj8C1lW7EBqXU%3D&session_state=e24c580be6437c9f54e13eb34292201baed1de2387e5738530a3f4f5378248ee.xX-bQwyQ0ixMZPaB5hEAoQ [Request for token]
6. Response with 200 on page https://gateway/index.html [Return of target page]

Actual behaviour:
1. Request to https://gateway/index.html [Request for target page]
2. Redirect to https://gateway/login.html [Login page]
3. Entering credentials
4. Redirect to https://authserver/oauth2/authorize?sessionDataKey=1395e077-fd53-4bf2-b687-62b99cbe4ba9 [Request for auth code]
5. Redirect to https://gateway/redirect_uri?code=3c073c5b-7053-3c51-b596-703a1a05a94f&state=whFXtmq6A_CFNutF5lF3ra5AC_uV9XUj8C1lW7EBqXU%3D&session_state=e24c580be6437c9f54e13eb34292201baed1de2387e5738530a3f4f5378248ee.xX-bQwyQ0ixMZPaB5hEAoQ [Request for token]
6. Redirect to https://gateway/oauth2/authorization/smart_hub_client [What is it ???]
7. Redirect to https://authserver/oauth2/authorize?loginPage=login.jsp&response_type=code&client_id=NyNzZ6xfutKJRxorF8nexiQ4A5ga&scope=sso%20openid&state=rj2PJ-hnQHs5icXj5jW6FUANMRY07_kWrRUpG3jCQJk%3D&redirect_uri=https://gateway/redirect_uri&nonce=Yov17acl7Kt_S_FQqd2Cl-Tm2_IMFknfwuqVTGf4Zys [Something went wrong after 6]

Eternal cycle with repeating from 5 to 7.

@eleftherias, @jgrandja, @rwinch, @jzheaux, anyone, please help.
Comment From: SMakhrov
I guess the problem might be in an incorrect state=whFXtmq6A_CFNutF5lF3ra5AC_uV9XUj8C1lW7EBqXU%3D. The part with %3D may fail the whole flow, and we have an incorrect state at every request. Because of this we probably have an infinite loop. %3D is actually the URL-encoded symbol '='. Why is Spring adding this symbol to the state?
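
A way to inspect the captured redirect chain offline, added here as an example (it is not part of the issue or of Spring Security): it percent-decodes each `state`, checks whether it is padded base64url, and flags a callback that is followed by a new authorization request. The function names are hypothetical; the URLs are steps 5 to 7 from the report with `session_state`, `client_id` and `nonce` omitted.

```python
import base64
from urllib.parse import urlsplit, parse_qs

# Steps 5-7 of the reported chain (session_state, client_id and nonce omitted).
CHAIN = [
    "https://gateway/redirect_uri?code=3c073c5b-7053-3c51-b596-703a1a05a94f"
    "&state=whFXtmq6A_CFNutF5lF3ra5AC_uV9XUj8C1lW7EBqXU%3D",
    "https://gateway/oauth2/authorization/smart_hub_client",
    "https://authserver/oauth2/authorize?loginPage=login.jsp&response_type=code"
    "&scope=sso%20openid&state=rj2PJ-hnQHs5icXj5jW6FUANMRY07_kWrRUpG3jCQJk%3D"
    "&redirect_uri=https://gateway/redirect_uri",
]

def classify(url):
    """Return (kind, percent-decoded state or None) for one hop of the chain."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)  # percent-decodes values, so %3D becomes '='
    state = query.get("state", [None])[0]
    if "code" in query and state:
        return "callback", state
    if query.get("response_type") == ["code"]:
        return "authorization_request", state
    if parts.path.startswith("/oauth2/authorization/"):
        return "initiation", None
    return "other", state

def state_bytes(state):
    """Decoded length if the state is well-formed padded base64url, else None."""
    try:
        return len(base64.b64decode(state, altchars=b"-_", validate=True))
    except ValueError:  # binascii.Error is a ValueError subclass
        return None

def find_restarts(chain):
    """List every callback that is followed by a new authorization request."""
    hops = [classify(url) for url in chain]
    findings = []
    for i, (kind, state) in enumerate(hops):
        if kind != "callback":
            continue
        for later_kind, later_state in hops[i + 1:]:
            if later_kind == "authorization_request":
                findings.append({"callback_state": state,
                                 "callback_state_bytes": state_bytes(state),
                                 "new_state": later_state,
                                 "state_reused": state == later_state})
                break
    return findings
```

For the chain in the report, `find_restarts(CHAIN)` shows a well-formed 32-byte state on the callback and a different state on the authorization request that follows it.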