1

I have used spring security to implement my oauth2 client. I have configured my callback as http://localhost:8080/login/oauth2/code/abc, so when I test my app in my local environment the callback is going to https://localhost:8080/login/oauth2/code/abc, as https is not valid for localhost my browser is throwing an error because of which I could not test my application loally

spring:
      profiles: local
      security:
        oauth2:
          client:
            registration:
              abc:
                client-id: OTExZDE3MGQtZTkyMy00YWZjLWFhZDItMGVmZTI1ZDQ3MGJm
                client-secret: MzNlZWFhNDQtOGE4Mi00NDVkLWFiMTUtZjAzNWE2YmU2YWIz
                authorization-grant-type: authorization_code
                redirectUri: http://localhost:3000/login/oauth2/code/abc
                scope:
                  - openid
                  - internal
            provider:
              abc:
                authorization-uri: https://api.abc.com/oauth/authorize
                token-uri: https://api.abc.com/oauth/token
                jwk-set-uri: https://api.abc.com/oauth/keys
user1614862
  • 3,701
  • 7
  • 29
  • 46

1 Answers1

0

How about this configuration?

security.oauth2.client.use-current-uri=false

The JavaDoc of AbstractRedirectResourceDetails.isUseCurrentUri() says as follows.

Flag to signal that the current URI (if set) in the request should be used in preference to the pre-established redirect URI.

Takahiko Kawasaki
  • 18,118
  • 9
  • 62
  • 105
  • no...it is still using https and getting redirected to https://localhost:3000/login/oauth2/code/abc, I have set the flag as useCurrentUri: false in application.yml right after the redirectUri in the above config. – user1614862 Oct 08 '19 at 01:29