Azure-Samples/azure-spring-boot-samples

[BUG] aad-resource-server redirects to LoginPage

einue opened this issue · 5 comments

einue commented

I checked out your repo and tested it. When I try to connect to the web API with Postman, my call always redirects to the login page. Is there some configuration missing?

My pom file:

```xml
<project>
    <modelVersion>4.0.0</modelVersion>

    <!-- https://github.com/Azure-Samples/azure-spring-boot-samples/blob/spring-cloud-azure_4.4.0/aad/spring-cloud-azure-starter-active-directory/web-client-access-resource-server/aad-resource-server/pom.xml -->
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.7.3</version>
    </parent>

    <artifactId>app-resource-server</artifactId>
    <version>1.0.0</version>
    <packaging>war</packaging>

    <name>Resourcen</name>

    <dependencies>
        <dependency>
            <groupId>com.azure.spring</groupId>
            <artifactId>spring-cloud-azure-starter-active-directory</artifactId>
            <version>4.4.0</version>
        </dependency>
        <!-- Spring Boot starter dependencies. -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
    </dependencies>
</project>
```

@chenrujun could you help handle this issue?

Hi, @einue

Thanks for reaching out.

I used the pom you provided in this branch: chenrujun/azure-spring-boot-samples.

But I cannot reproduce the problem you described in the issue.
The HTTP request returns 401 instead of the login page. Here is the screenshot:
image

Could you please try chenrujun/azure-spring-boot-samples on your machine?

If the problem still exists, please provide a minimal project to reproduce the problem.

einue commented

@chenrujun I also get a 401 for the webapiB when sending the correct bearer token.

I get the token via Postman; the response looks like this:

```json
{
    "token_type": "Bearer",
    "scope": "api://tenantID/WebApi.ConstructionsiteScope",
    "expires_in": 5120,
    "ext_expires_in": 5120,
    "access_token": "******"
}
```

And my controller looks like this:

```java
@GetMapping("/webapiB")
@ResponseBody
@PreAuthorize("hasAuthority('SCOPE_WebApi.ConstructionsiteScope')")
public String file() {
    return "Response from webApiB.";
}
```

And my Postman call:

```sh
curl \
  --location \
  --request GET 'localhost:8082/webapiB' \
  --header 'Authorization: Bearer **** '
```

My application.yml:

```yaml
server:
  port: 8082

spring:
  cloud:
    azure:
      active-directory:
        enabled: true
        credential:
          client-id: 5832d83***
          client-secret: **+
        profile:
          tenant-id: ***
        app-id-uri: api://tenant-id/WebApi.ConstructionsiteScope
```

@einue

> I get the token via Postman; the response looks like this:
> `"scope": "api://tenantID/WebApi.ConstructionsiteScope",`

It should be clientID of WebApi instead of tenantID.

> My application.yml
> `app-id-uri: api://tenant-id/WebApi.ConstructionsiteScope`

  1. Same here, it should be clientID of WebApi instead of tenantID.
  2. Delete /WebApi.ConstructionsiteScope in app-id-uri.

Check the readme about app-id-uri:
image

einue commented

@chenrujun : thank you, it works now :)
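
A way to check for the mismatch resolved in this thread, as an added example that is not part of the original issue or the sample project: it decodes a token's payload and compares the `aud` and `scp` claims with the configured `app-id-uri`, `client-id` and required scope. It assumes the resource server accepts a token only when its audience equals `app-id-uri` or `client-id`; the function names, the placeholder client ID and the sample token are constructed for illustration.

```python
import base64
import json


def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))


def diagnose(token, app_id_uri, client_id, required_scope):
    """List reasons the resource server would reject this token.

    Claims are read WITHOUT signature verification: a debugging aid only,
    never a basis for an authorization decision.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a three-part JWT"]
    claims = b64url_json(parts[1])
    problems = []
    # Assumption: the token audience must equal app-id-uri or client-id.
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if not {app_id_uri, client_id} & set(audiences):
        problems.append("aud %r matches neither app-id-uri nor client-id" % (aud,))
    # hasAuthority('SCOPE_x') needs x in the space-separated scp claim.
    scopes = claims.get("scp", "").split()
    if required_scope not in scopes:
        problems.append("scp %r lacks %r" % (scopes, required_scope))
    # The misconfiguration fixed in this thread: scope appended to app-id-uri.
    if app_id_uri.endswith("/" + required_scope):
        problems.append("app-id-uri ends with the scope name; remove it")
    return problems


def make_token(claims):
    """Build an unsigned, constructed sample token (not a real credential)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return "%s.%s.sig" % (enc({"alg": "none"}), enc(claims))


CLIENT_ID = "00000000-0000-0000-0000-000000000001"  # constructed placeholder
SCOPE = "WebApi.ConstructionsiteScope"
SAMPLE = make_token({"aud": "api://" + CLIENT_ID, "scp": SCOPE})

if __name__ == "__main__":
    for uri in ("api://tenant-id/" + SCOPE, "api://" + CLIENT_ID):
        print(uri, "->", diagnose(SAMPLE, uri, CLIENT_ID, SCOPE) or "OK")
```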