stewartadam/azuread-springsecurity5-oauth2-kickstart

After login, the page does not redirect successfully

Closed this issue · 8 comments

Hi @stewartadam, thanks for the kickstart. I tried to run it in my local environment according to the README steps, but after accessing "http://localhost:8080/oauth2/authorization/microsoft", it redirects to the Azure login page, and after I log in, the page stays on the Azure login page and does not redirect back to my app. I even changed the application.yaml to "redirect-uri-template: 'http://www.baidu.com'", and it does not redirect to the baidu URL.
Could you help look at what the problem is?
Thanks!

Hi Jason, what redirect URIs do you have configured in the Azure AD application? Unless the redirect matches the app's configured URIs, the redirect will be rejected.

Hi @stewartadam, I have several questions. How did you log out in your application?
Where is the token stored?

@TavernierCedric since this configures the Spring Security framework to handle authentication, you'll need to configure logout there - see here for details: https://docs.spring.io/spring-security/site/docs/5.0.3.RELEASE/reference/htmlsingle/#jc-logout

Hi @stewartadam, I followed this step:
"2: http://localhost:8080/oauth2/authorization/microsoft: attempts to login the user using the OAuth2 code grant against AAD, followed by a Graph call to obtain user information"
and my application.yaml configuration is redirect-uri-template: '{baseUrl}/hello/jason'; I want to redirect to the hello page after authentication. In the Azure AD registered application, I added "http://localhost:8080/hello/jason" to the "Reply URLs".
But when I request the "http://localhost:8080/oauth2/authorization/microsoft" URL, it redirects me to the Azure login page (expected), but after I enter my credentials, the page does not redirect to hello/jason; it stays on the Azure login page.
Is anything wrong with my configuration? Thanks!

Hi, thank you for the response, @stewartadam.
Is it possible to use the roles in Azure AD in an application, and if it is possible, how do you do that?

@jason279 do you see any error messages or error codes? It is difficult to tell why your browser is not redirecting without more detail. That said, this sample was intended to exemplify how to integrate AAD with Spring Security's new OAuth functionality -- you will need to set up a landing page for the redirect, and your application will then be responsible for redirecting the user to your intended page (e.g. you could do so by reading their prior location from some server session [most secure], cookie or local storage that was set prior to sending the user for authentication).

@TavernierCedric it likely is possible with a bunch of custom classes, but I'm not familiar with the specifics unfortunately. This sample is not configured to work with groups.
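
The landing-page redirect described in the reply to @jason279 above, as an added example (not code from this repository): wherever the prior location was stored, it is checked to be a path on this site before it is used as the redirect target. The class name, `resolveTarget` and the `/` fallback are assumptions for illustration; only `java.net.URI` from the standard library is used.

```java
import java.net.URI;
import java.net.URISyntaxException;

/** Picks the page to send the user to once the landing page has been reached. */
public class PostLoginRedirect {

    static final String DEFAULT_TARGET = "/"; // assumed fallback page

    /**
     * Returns the saved location only if it is a local path, otherwise the fallback.
     * `saved` is whatever was stored before the user was sent to authenticate
     * (server session, cookie or local storage); the last two are user-controlled.
     */
    static String resolveTarget(String saved) {
        if (saved == null || saved.isEmpty()) return DEFAULT_TARGET;
        // Backslashes and control characters can be normalised by browsers
        // into "/" or dropped, turning a "local" value into another host.
        for (char c : saved.toCharArray()) {
            if (c == '\\' || c < 0x20 || c == 0x7f) return DEFAULT_TARGET;
        }
        // Must be a path on this site; "//host" is a scheme-relative URL.
        if (!saved.startsWith("/") || saved.startsWith("//")) return DEFAULT_TARGET;
        try {
            URI uri = new URI(saved);
            if (uri.isAbsolute() || uri.getRawAuthority() != null) return DEFAULT_TARGET;
            // Do not send the user straight back into the login flow.
            if (uri.getPath().startsWith("/oauth2/authorization/")) return DEFAULT_TARGET;
            return saved;
        } catch (URISyntaxException e) {
            return DEFAULT_TARGET;
        }
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from a real session.
        String[] constructed = { "/hello/jason", "/hello/jason?x=1", "http://www.baidu.com",
                "//www.baidu.com/", "/\\www.baidu.com", null, "/oauth2/authorization/microsoft" };
        for (String s : constructed) {
            System.out.println(s + " -> " + resolveTarget(s));
        }
    }
}
```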

I would like to know has which place you said has spring that the token received in the header is valid @stewartadam

Hi @TavernierCedric, I'm not sure what you mean, could you elaborate on what you are looking for?

If you need details on how Spring performs its token validation, unfortunately I'm not familiar with Spring's implementation. There are some links to their documentation in the References section of the README.