
google spring oauth2 client works on local but not on internet



I am here after pulling some hair out.
The login with Google OAuth2 works fine locally but fails under the public domain.
Here are the logs from both:
==== request in local
2022-04-28 17:11:26.080 DEBUG 11004 --- [nio-8080-exec-6] o.s.web.client.RestTemplate              : HTTP POST https://www.googleapis.com/oauth2/v4/token
2022-04-28 17:11:26.080 DEBUG 11004 --- [nio-8080-exec-6] o.s.web.client.RestTemplate              : Accept=[application/json, application/*+json]
2022-04-28 17:11:26.080 DEBUG 11004 --- [nio-8080-exec-6] o.s.web.client.RestTemplate              : Writing [{grant_type=[authorization_code], code=[4/0AX4XfWghwFo-03F8JRldcp8xsqSzg31NkVZpHnPqpdXV4hNcTKehChPzrSaTqRVBfh8g4w], redirect_uri=[http://localhost:8080/login/oauth2/code/google]}] as "application/x-www-form-urlencoded;charset=UTF-8"
2022-04-28 17:11:26.225 DEBUG 11004 --- [nio-8080-exec-6] o.s.web.client.RestTemplate              : Response 200 OK
2022-04-28 17:11:26.225 DEBUG 11004 --- [nio-8080-exec-6] o.s.web.client.RestTemplate              : Reading to [org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse] as "application/json;charset=utf-8"
2022-04-28 17:11:26.226 DEBUG 11004 --- [nio-8080-exec-6] o.s.web.client.RestTemplate              : HTTP GET https://www.googleapis.com/oauth2/v3/certs
2022-04-28 17:11:26.226 DEBUG 11004 --- [nio-8080-exec-6] o.s.web.client.RestTemplate              : Accept=[text/plain, application/json, application/*+json, */*]
2022-04-28 17:11:26.242 DEBUG 11004 --- [nio-8080-exec-6] o.s.web.client.RestTemplate              : Response 200 OK
2022-04-28 17:11:26.242 DEBUG 11004 --- [nio-8080-exec-6] o.s.web.client.RestTemplate              : Reading to [java.lang.String] as "application/json;charset=UTF-8"


===== request under public domain
2022-04-28 16:54:05.949 DEBUG 13353 --- [nio-8443-exec-3] o.s.web.client.RestTemplate              : HTTP POST https://www.googleapis.com/oauth2/v4/token
2022-04-28 16:54:05.956 DEBUG 13353 --- [nio-8443-exec-3] o.s.web.client.RestTemplate              : Accept=[application/json, application/*+json]
2022-04-28 16:54:05.957 DEBUG 13353 --- [nio-8443-exec-3] o.s.web.client.RestTemplate              : Writing [{grant_type=[authorization_code], code=[4/0AX4XfWjfng4hE-uzmk1CnWgRz922In29TeNs9efZxigfeSaVwvvoCrk-b56rOzFeMEDn0Q], redirect_uri=[https://www.clubspj.com/login/oauth2/code/google]}] as "application/x-www-form-urlencoded;charset=UTF-8"
2022-04-28 16:54:06.064 DEBUG 13353 --- [nio-8443-exec-3] o.s.web.client.RestTemplate              : Response 400 BAD_REQUEST

I made sure the URL is matching.

Using this library; the version is 2.6.7:

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-oauth2-client</artifactId>
        </dependency>

Following are the requests made, in order, when trying to log in with Google OAuth2:

GET 302 https://www.clubspj.com/oauth2/authorization/google

GET 200 https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=294427952059-ngva8hkoa4cl1af249repefc8lnksl87.apps.googleusercontent.com&scope=openid%20profile%20email&state=hiwVEoh6pbzGA4HueQpsF_MydzpyJ5uxnS7FcAoRaKM%3D&redirect_uri=https://www.clubspj.com/login/oauth2/code/google&nonce=3S3BLRPDsdXB6orOGF52YFIHnbyaLLtO8NGjHEDILYo

GET 302 https://accounts.google.com/signin/oauth/consent?authuser=0&part=AJi8hANiL7v0LYZsyPvT1Vg6t-K2lzlwtCjwELEoi84mtcyDyjIAhY3FkooOuQ9YwoG10HrQyEv3f4H4ZNN_mVry937SfMm_68H1Zw9ZJfkgRVkPM5aTYsa7jdctKNJWe4I4mEJFxeQ0iqizcZfEXw-COkk3L_3wW1CxL2gwCygMud5-Qv1nDJMblMV1dl2CtaWamt30GyrWoaG_g14mRGLvcmHHruvQD3Uid7t0PI9hNtYYqewJLTdCi6dmn8pLa7MJPqEHdp2nyKJf5YSPqAskAn4BX-_aaLXKeNnQJhC2Cjzpwnux_zKol50e8ymHU5PQpP5hU23lArmBPXU3shEEi4m_yA2R41p8vFaB3f9HpOqp9ThEgMp8nv_po6C7Kk3qLMoWR2COAYvv4zflcA_157vUt6jhDpKoLw2cf7Fbq_4afG1QKiI8x9LOn4iJq6Q2JBh_AxlX9truJZb45fNbDI1nfnrOEQ&as=S-872222817%3A1651179243534195&pli=1&rapt=AEjHL4MtRiws0sgSbs9qRhpREDRpzEWcleEMkDeuoK78Ie-A3UissN40zZ2GdDLIIqoA4P7tjoqyQgVmVDmgmqt8a2qv_ElA-w
GET 302 https://www.clubspj.com/login/oauth2/code/google?state=hiwVEoh6pbzGA4HueQpsF_MydzpyJ5uxnS7FcAoRaKM%3D&code=4%2F0AX4XfWjfng4hE-uzmk1CnWgRz922In29TeNs9efZxigfeSaVwvvoCrk-b56rOzFeMEDn0Q&scope=email+profile+openid+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile&authuser=0&prompt=none

The last request caused an error and redirected to login?error; details of the request:
Response Header:

HTTP/1.1 302
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Frame-Options: DENY
Location: https://www.clubspj.com/login?error
Content-Length: 0
Date: Thu, 28 Apr 2022 20:54:06 GMT
Keep-Alive: timeout=60
Connection: keep-alive

Request Header:

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7
Connection: keep-alive
Cookie: AWSALBTG=5EB4qie5RCxExuTp2gqDRZuZGDgJBVO8lBlofFhpkZA0J9iQ7JahcSn/jvAmef/eRSL0GALK9P9xcOZgNLSWIwcEEMSRslwigzMPrZQFpQ2pmLPKSx9Apn19TlEENuLOMFmRgG7bbIziTYB+RyqCLZosHMvIIU7Wbcmhsdlz6e1JL9NKYJU=; AWSALBTGCORS=5EB4qie5RCxExuTp2gqDRZuZGDgJBVO8lBlofFhpkZA0J9iQ7JahcSn/jvAmef/eRSL0GALK9P9xcOZgNLSWIwcEEMSRslwigzMPrZQFpQ2pmLPKSx9Apn19TlEENuLOMFmRgG7bbIziTYB+RyqCLZosHMvIIU7Wbcmhsdlz6e1JL9NKYJU=; JSESSIONID=7F3D126AA8A114A2EAB4937EB1A911DA
Host: www.clubspj.com
Referer: https://accounts.google.com/
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Google Chrome";v="100"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Lastly, I am running the app on EC2 under an elastic IP. I verified that all the JSESSIONID values are the same between clubspj.com requests.

Thanks in advance!


Solution

  • It's always the little things!
    To have Google login work locally, you only need client-id.
    Works as expected after I added the long-forgotten client-secret.
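The failure mode in this thread (a 400 from the token endpoint on the deployed host, surfacing as a redirect to login?error) only appears at the first real login, long after deploy. The following is an added example, not code from the question, the answer or Spring itself: a startup guard that makes the missing spring.security.oauth2.client.registration.google.client-secret fail the application immediately. It assumes Spring Boot 2.6 with spring-boot-starter-oauth2-client on the classpath, where the auto-configured ClientRegistrationRepository is the InMemoryClientRegistrationRepository (which is Iterable); the package name, class name and the allow-list of intentionally public registrations are hypothetical.

```java
// Added example (not from the question, the answer or Spring): fail fast at startup
// when a confidential authorization_code client registration has no client secret.
// Assumes Spring Boot 2.6 / Spring Security 5.6 with the auto-configured
// InMemoryClientRegistrationRepository; the package and class names are hypothetical.
package com.example.oauth2check;

import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Set;

import org.springframework.boot.context.event.ApplicationReadyEvent;
import org.springframework.context.event.EventListener;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;

@Component
public class ClientSecretGuard {

    private final ClientRegistrationRepository registrations;

    // Registration IDs that are deliberately public clients (PKCE, no secret).
    // Empty here: a Google "Web application" client is confidential and needs a secret.
    private final Set<String> intentionallyPublic = Collections.emptySet();

    public ClientSecretGuard(ClientRegistrationRepository registrations) {
        this.registrations = registrations;
    }

    @EventListener(ApplicationReadyEvent.class)
    public void verifyConfidentialClientsHaveSecrets() {
        List<String> missing = findRegistrationsWithoutSecret();
        if (!missing.isEmpty()) {
            // Abort startup instead of letting the token exchange return 400 at login time.
            throw new IllegalStateException(
                "OAuth2 client registrations without a client-secret: " + missing
                + " (set spring.security.oauth2.client.registration.<id>.client-secret)");
        }
    }

    List<String> findRegistrationsWithoutSecret() {
        List<String> missing = new ArrayList<>();
        // Only the in-memory repository exposes its registrations; other
        // implementations are skipped rather than guessed at.
        if (!(registrations instanceof Iterable)) {
            return missing;
        }
        for (Object item : (Iterable<?>) registrations) {
            ClientRegistration reg = (ClientRegistration) item;
            boolean codeFlow = AuthorizationGrantType.AUTHORIZATION_CODE
                .equals(reg.getAuthorizationGrantType());
            // Spring Security defaults a null secret to "" when building the registration,
            // so hasText() is the right test rather than a null check.
            if (codeFlow
                && !intentionallyPublic.contains(reg.getRegistrationId())
                && !StringUtils.hasText(reg.getClientSecret())) {
                missing.add(reg.getRegistrationId());
            }
        }
        return missing;
    }
}
```

Keep the secret itself out of the repository: reference it from the environment (for example client-secret: ${GOOGLE_CLIENT_SECRET}) so the local and deployed profiles differ only in where the value comes from, and this guard catches the case where the deployed environment never received it.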