
'profile' scope causes Federated Identity example to loop #919


Closed
sjerman opened this issue Oct 5, 2022 · 2 comments
Labels
status: duplicate A duplicate of another issue


sjerman commented Oct 5, 2022

Expected Behavior
Allow addition of 'profile' scope.

Current Behavior
If you add the scope to the example, it starts an infinite redirect loop.

Context
I'm trying to make use of the Federated Identity example and I'd like to get the UserInfo object populated. However, if I add the profile to the registeredClient I get the hang:

In AuthorizationServerConfig:

    RegisteredClient registeredClient =
        RegisteredClient.withId(UUID.randomUUID().toString())
            .clientId("messaging-client")
            .clientSecret("{noop}secret")
            .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
            .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
            .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
            .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
            .redirectUri("http://127.0.0.1:8080/login/oauth2/code/messaging-client-oidc")
            .redirectUri("http://127.0.0.1:8080/authorized")
            .scope(OidcScopes.OPENID)
            .scope("message.read")
            .scope("message.write")
            // .scope(OidcScopes.PROFILE)
            .clientSettings(ClientSettings.builder().requireAuthorizationConsent(false).build())
            .build();

sjerman added the type: enhancement label Oct 5, 2022

sjerman commented Oct 10, 2022

Fixed via comment on #917. Issue is that sample doesn't include

    .oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt);

and

    @Bean
    public JwtDecoder jwtDecoder(JWKSource<SecurityContext> jwkSource) {
        return OAuth2AuthorizationServerConfiguration.jwtDecoder(jwkSource);
    }

sjerman closed this as completed Oct 10, 2022
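
As an added illustration (not code from the issue or from the project's samples), this shows where the two pieces named in the comment above sit in an authorization server configuration; the OIDC UserInfo endpoint is called with a bearer access token, which is why resource-server JWT support and a `JwtDecoder` bean are needed. The class name is hypothetical, a `JWKSource<SecurityContext>` bean is assumed to be defined elsewhere, as in the samples, and the imports assume the 0.3.x package layout.

```java
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.proc.SecurityContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
// Assumption: 0.3.x package; in 1.x this class lives under
// org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration
import org.springframework.security.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;

@Configuration(proxyBeanMethods = false)
public class UserInfoReadyAuthorizationServerConfig { // hypothetical class name

    @Bean
    @Order(Ordered.HIGHEST_PRECEDENCE)
    public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http)
            throws Exception {
        // Registers the protocol endpoints, including the OIDC UserInfo endpoint.
        OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);

        http
            // Unauthenticated browser requests are sent to the login page.
            // Assumption: "/login" is the login URL; a sample's own login
            // configuration would take the place of this entry point.
            .exceptionHandling(exceptions -> exceptions
                .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login")))
            // Authenticates "Authorization: Bearer <access token>" requests,
            // which is how a client presents its token to the UserInfo endpoint.
            .oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt);

        return http.build();
    }

    // Lets the bearer-token filter verify access tokens this server issued,
    // using the same key source that signs them.
    @Bean
    public JwtDecoder jwtDecoder(JWKSource<SecurityContext> jwkSource) {
        return OAuth2AuthorizationServerConfiguration.jwtDecoder(jwkSource);
    }
}
```
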
jgrandja (Collaborator) commented

Duplicate of gh-917

jgrandja marked this as a duplicate of #917 Oct 11, 2022
jgrandja self-assigned this Oct 11, 2022
jgrandja added the status: duplicate label and removed the type: enhancement label Oct 11, 2022