1 year ago

#315984

test-img

nick_j_white

Spring security Oauth2 Redirect URI setting is ignored when using application.properties

I am configuring multiple authentication clients for a spring-boot application, and am attempting to override the default redirect URI using:

spring.security.oauth2.client.registration.google.redirectUri={baseUrl}/oauth2/callback/{registrationId}

and then setting the following in SecurityConfig:

http.oauth2Login()
.authorizationEndpoint().baseUri("/oauth2/authorize")
.and()
.redirectionEndpoint().baseUri("/oauth2/callback/*")

However, this is not working - when accessing {baseUrl}/oauth2/authorize/google, the client is redirected to

https://accounts.google.com/o/oauth2/v2/auth/oauthchooseaccount
    ?response_type=code
      &client_id<clientId>
      &scope=email%20profile
      &redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Flogin%2Foauth2%2Fcode%2Fgoogle
      &flowName=GeneralOAuthFlow

with redirect uri parameter "{baseUrl}/login/oauth2/code/google" which is the default set by spring security when redirectUri is not set. If I switch to using application.yml with the below configuration:

spring:
    security:
      oauth2:
        client:
          registration:
            google:    
              redirectUri: "{baseUrl}/oauth2/callback/{registrationId}"

it works fine. However, for various reasons I want to stick with the application.properties format. Any idea why the setting is ignored?

spring-boot

spring-security

oauth-2.0

application.properties

redirect-uri

0 Answers

Your Answer

Accepted video resources