proxy with spring security oauth2 #16875

Open
f1-outsourcing opened this issue Apr 3, 2025 · 0 comments
Labels
status: waiting-for-triage An issue we've not yet triaged type: bug A general bug

Comments

f1-outsourcing commented Apr 3, 2025

I am not really a developer, so someone needs to check this, but I have the impression these are buggy. Important with testing is thus that you block every other outgoing traffic except to the proxy. Otherwise you do not notice that some requests are going past the proxy.

  1. when running in a proxy environment only, the issuer-uri is being gotten without proxy, resulting in a startup failure

         java -Dhttps.proxyHost= -Dhttps.proxyPort= etc

  2. when commenting out the issuer-uri, something changes in the auth process and even though all custom endpoints are taken directly from the issuer-uri. Some issue arises during Spring Security's processing of the token, likely in .oauth2Login, when it tries to validate the token's claims or associate it with the client registration.

         oauth2:
           resourceserver:
             jwt:
               issuer-uri: ${JWT_URI}
               jwt-custom-uri: ${JWT_URI}
               jwk-set-uri: ${OIDC_JWKCRTURI}
               connect-timeout: 5000
               read-timeout: 5000
           client:
             registration:
               keycloak:
                 client-id: ${OIDC_CLIENTID}
                 client-secret: ${OIDC_CLIENTSECRET}
                 authorization-grant-type: authorization_code
                 scope: ${OIDC_SCOPE:openid}
                 provider: keycloak
                 redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"
             provider:
               keycloak:
                 #issuer-uri: ${OIDC_ISSUERURI} #breaks startup
                 authorization-uri: ${OIDC_AUTHURI}
                 token-uri: ${OIDC_TOKENURI}
                 user-info-uri: ${OIDC_USERURI}
                 jwk-set-uri: ${OIDC_JWKCRTURI}

  3. I think it is also weird that an application fails on startup when some external service is not available. The default should be just starting no need to check and download stuff.

https://stackoverflow.com/questions/79551156/spring-boot-starter-oauth2-client-app-never-starts-when-oauth-host-unreachable

spring-projects/spring-boot#44985 (comment)

@f1-outsourcing f1-outsourcing added status: waiting-for-triage An issue we've not yet triaged type: bug A general bug labels Apr 3, 2025
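
One way to keep issuer validation on the resource-server side without relying on discovery at startup, and with the proxy set explicitly, is sketched below. It is an added example, not code from this issue or from Spring Security itself. It assumes the `https.proxyHost` / `https.proxyPort` system properties and the `JWT_URI` / `OIDC_JWKCRTURI` variables from the configuration above; the class name `ProxiedJwtDecoderConfig` is hypothetical.

```java
import java.net.InetSocketAddress;
import java.net.Proxy;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.client.SimpleClientHttpRequestFactory;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.web.client.RestTemplate;

// Hypothetical configuration class (added example, not the project's code).
@Configuration
public class ProxiedJwtDecoderConfig {

    @Bean
    JwtDecoder jwtDecoder(@Value("${JWT_URI}") String issuer,
                          @Value("${OIDC_JWKCRTURI}") String jwkSetUri) {
        // Fail closed: refuse to start without a proxy instead of silently
        // falling back to a direct connection.
        String host = System.getProperty("https.proxyHost");
        String port = System.getProperty("https.proxyPort");
        if (host == null || host.isBlank() || port == null || port.isBlank()) {
            throw new IllegalStateException("https.proxyHost / https.proxyPort must be set");
        }

        // Every JWK Set request made by this decoder goes through the proxy.
        SimpleClientHttpRequestFactory factory = new SimpleClientHttpRequestFactory();
        factory.setProxy(new Proxy(Proxy.Type.HTTP,
                new InetSocketAddress(host, Integer.parseInt(port))));
        factory.setConnectTimeout(5000);
        factory.setReadTimeout(5000);

        // The JWK Set is fetched on first token validation, not at startup,
        // so an unreachable identity provider does not block boot.
        NimbusJwtDecoder decoder = NimbusJwtDecoder.withJwkSetUri(jwkSetUri)
                .restOperations(new RestTemplate(factory))
                .build();

        // Keep the "iss" check that is otherwise lost when issuer-uri is removed.
        // Assumption: JWT_URI equals the exact "iss" value in issued tokens.
        decoder.setJwtValidator(JwtValidators.createDefaultWithIssuer(issuer));
        return decoder;
    }
}
```

This covers only JWT validation for the resource server; the token and user-info calls made by `oauth2Login` use their own HTTP clients and are not changed by it.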