Closed BillyBolton closed 3 years ago
@stliu PTAL
Hi @BillyBolton, sorry for the late response, we will look into it soon. Besides, considering that our sample can work as expected with your credentials, could you provide another sample project which can reproduce the issue you mentioned?
Currently from the error log, we could see that your App failed to acquire a token from AAD, so please first make sure your credentials info (tenant-id, client-id, client-secret and groups) in src/resources/application.xml are correct, and also that the scopes your app is requesting have been configured (if admin consent is required, please grant it) in Azure Portal.
If there is nothing wrong with your configuration, I think a sample project that can reproduce your issue can help us debug your app and figure out its token request. Also, if possible, would you like to share the Manifest of your App registration (for concerns about info leakage, a test App is welcome) in Azure Portal which could help us to check your application configuration?
Hi there, @yiliuTo. Here is a sample project that replicates the issue, including a dummy account to test the authentication with. All the details are in the ReadMe.
I was able to solve the issue of a no body token response. Indeed, it was a credential issue -- a small typo... However I'm receiving a redirect issue now. This issue occurred both in my project, and the MS sample when I converted it from Maven to Gradle.
The error I receive is:
2021-04-27 16:30:37.684 DEBUG 34013 --- [nio-8080-exec-3] o.s.web.client.RestTemplate : HTTP GET https://login.microsoftonline.com/07d020b6-d78f-40cb-b6c7-98eab8c29a94/discovery/v2.0/keys
2021-04-27 16:30:37.685 DEBUG 34013 --- [nio-8080-exec-3] o.s.web.client.RestTemplate : Accept=[text/plain, application/json, application/*+json, */*]
2021-04-27 16:30:37.757 DEBUG 34013 --- [nio-8080-exec-3] o.s.web.client.RestTemplate : Response 200 OK
2021-04-27 16:30:37.757 DEBUG 34013 --- [nio-8080-exec-3] o.s.web.client.RestTemplate : Reading to [java.lang.String] as "application/json;charset=utf-8"
2021-04-27 16:30:37.765 DEBUG 34013 --- [nio-8080-exec-3] w.c.HttpSessionSecurityContextRepository : Did not store empty SecurityContext
2021-04-27 16:30:37.765 DEBUG 34013 --- [nio-8080-exec-3] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
2021-04-27 16:30:37.771 ERROR 34013 --- [nio-8080-exec-3] o.a.c.c.C.[.[.[/].[dispatcherServlet] : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Filter execution threw an exception] with root cause
java.lang.NoSuchMethodError: 'net.minidev.json.JSONObject com.nimbusds.jose.Header.toJSONObject()'
[... etc]
This error looks similar to https://github.com/Azure/azure-sdk-for-java/issues/14898.
implementation "com.nimbusds:nimbus-jose-jwt:8.20"
Is there a more recent fix for this other than the workaround mentioned in that issue? I'm curious why this extra dependency is needed just when converting from a Maven to Gradle setup. If this is indeed a Gradle-specific workaround, should it be included in the documentation?
Thank you in advance for your help. I've been looking at this for weeks! I can't wait to get this up and running. 🙂
Hi @BillyBolton thanks for your detailed information.
I noticed that in your build.gradle, the spring boot you selected is 2.4.2. And according to spring-boot-dependencies: 2.4.2, its nimbus-jose-jwt.version is 9.1.3, which conflicts with the one 8.20.2 in our starter. Also I noticed in your build.gradle, you specify the version of some spring boot libraries as 2.4.3, so if the actual expected Spring Boot is 2.4.3, I suggest changing its bom version because in 2.4.3 the nimbus-jose-jwt is 8.20.2, which can resolve the dependency conflict together.
Also, for your question
> Is there a more recent fix for this other than the workaround mentioned in that issue?
We currently haven't fixed the breaking changes of nimbus.
> I'm curious why this extra dependency is needed just when converting from a Maven to Gradle setup.
In our sample, the spring boot parent is 2.4.5 which brings in nimbus of 8.20.2. Thus the version conflict is avoided when you try our sample.
Besides, as I read your build.gradle, I noticed that you have imported 3 of our starters:
com.microsoft.azure:azure-active-directory-spring-boot-starter:2.2.1
com.azure.spring:azure-spring-boot-starter-active-directory:3.3.0
com.azure.spring:azure-spring-boot-starter:3.3.0
May I know why you use 2 versions of the active directory starters (aad starter for short)? Also, for 3.3.0, if you just need the aad starter, you can remove com.azure.spring:azure-spring-boot-starter:3.3.0.
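The version alignment described in the reply above, as an added example that is not part of the original thread or the project's own build file: a build.gradle that takes the Spring Boot version of the working sample, keeps a single AAD starter, and fails the build if nimbus-jose-jwt resolves to anything other than the version the starter expects. The task name `checkNimbusVersion`, the web starter and the dependency-management plugin version are assumptions; the other versions are the ones quoted in the thread.

```groovy
// build.gradle (added example; not the sample project's build file)
plugins {
    id 'java'
    // 2.4.5 is the Spring Boot version of the working sample; per the thread its
    // BOM manages nimbus-jose-jwt 8.20.2, while the 2.4.2 BOM manages 9.1.3.
    id 'org.springframework.boot' version '2.4.5'
    id 'io.spring.dependency-management' version '1.0.11.RELEASE'
}

repositories {
    mavenCentral()
}

// Alternative when the Spring Boot version cannot change: override the BOM
// property so the managed version matches the one the starter was built against.
// ext['nimbus-jose-jwt.version'] = '8.20.2'

dependencies {
    // One AAD starter only. Spring Boot artifacts carry no explicit version,
    // so the BOM decides and mixed 2.4.2/2.4.3 pins cannot creep back in.
    implementation 'com.azure.spring:azure-spring-boot-starter-active-directory:3.3.0'
    implementation 'org.springframework.boot:spring-boot-starter-web' // assumed web app
}

// Hypothetical guard task: turn the runtime NoSuchMethodError into a build failure.
def expectedNimbus = '8.20.2' // version the thread says the starter expects
tasks.register('checkNimbusVersion') {
    doLast {
        def ids = configurations.runtimeClasspath.resolvedConfiguration
                .resolvedArtifacts.collect { it.moduleVersion.id }
        def nimbus = ids.find { it.group == 'com.nimbusds' && it.name == 'nimbus-jose-jwt' }
        if (nimbus == null) {
            throw new GradleException('nimbus-jose-jwt is not on the runtime classpath')
        }
        if (nimbus.version != expectedNimbus) {
            throw new GradleException(
                "nimbus-jose-jwt resolved to ${nimbus.version}, expected ${expectedNimbus}; " +
                'inspect with: gradle dependencyInsight --dependency nimbus-jose-jwt ' +
                '--configuration runtimeClasspath')
        }
        println "nimbus-jose-jwt ${nimbus.version} OK"
    }
}
tasks.named('check') { dependsOn 'checkNimbusVersion' }
```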
Hi @yiliuTo,
Thank you for the response. I've been playing around with multiple MS tutorials so I must have had some duplicate dependencies there. Thanks for catching that.
You've been a great help. Thanks again for your support. 💯
Hi @BillyBolton, I am so glad that I could help. And just a reminder, don't forget to update your credentials or delete that test account as they are now exposed in your repo.
Hi @BillyBolton, now I am getting the same error. Can you please share the sample project that is in a working state? It would help a lot. My mail: Venkat.Thotakura@almullaexchange.com
Query/Question
I keep getting the error: "Login with OAuth 2.0 - [invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: 401 Unauthorized: [no body]" when I try to access my front-end app. (I'm just trying to make sure the sign-on works correctly for now.) I've followed Azure Spring Boot Sample Active Directory Web App and can use my AAD keys there and everything works as expected, but when I try to do the same on mine, I get the error. Error occurs on all endpoints, whether they are @PreAuthorize("hasRole('ROLE_someRole')") or not.
Here are some logs for when the error occurs. It's long but I'm having trouble debugging -- hoping someone else can catch something. I can see that I'm getting a 401 UNAUTHORIZED response but I'm unclear why.
Please let me know if any other information might be needed.
Why is this not a Bug or a feature Request?
Cloning the repository from the Azure Spring Boot Sample Active Directory Web App and using the client id, keys, etc., for my AAD setup works as expected.
Setup (please complete the following information if applicable):
Version of the Library used: Using Gradle: