I am trying to set spring oauth2 security setting in my app in google app. Everything seems to work fine locally, but when I deploy the application, everything starts to break down. After I authenticate via google, it redirects me to the Whitelabel error page. In the console, I see this error:
http:
I configure my auth with this application.yml file:
security: oauth2: client: clientId: client-key clientSecret: secret-key accessTokenUri: https://www.googleapis.com/oauth2/v4/token userAuthorizationUri: https://accounts.google.com/o/oauth2/v2/auth clientAuthenticationScheme: form scope: - openid - email - profile - https://www.googleapis.com/auth/cloud-platform resource: userInfoUri: https://www.googleapis.com/oauth2/v3/userinfo preferTokenInfo: true
My security configuration looks something like this:
@Override protected void configure(HttpSecurity http) throws Exception { http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()) .and() .authorizeRequests() .antMatchers("/static/**").permitAll() .antMatchers("/**").hasAuthority("ROLE_ADMIN") .anyRequest().authenticated() .and() .exceptionHandling() .accessDeniedPage("/403"); }
I set the Oauth id on google credential pages to allow authorized javascript roots:
http://my-application.appspot.com https://my-application.appspot.com http://localhost:8080
And the allowed redirect URIs are:
http://my-application.appspot.com/login https://my-application.appspot.com/login http://localhost:8080/login
Any ideas why I can get unauthorized errors after deploying to GAE?
Thanks,
Craig
source share