spring-projects / spring-security-samples


[invalid_scope] OpenID Connect 1.0 authentication requests are restricted. #217

Closed gongzelong0718 closed 8 months ago

gongzelong0718 commented 8 months ago

https://github.com/spring-projects/spring-security-samples/tree/6.2.x/servlet/spring-boot/java/oauth2/login#spring-login

Boot up the application: Launch the Spring Boot 2.0 sample and go to http://127.0.0.1:8080/. You are then redirected to the default auto-generated login page, which displays a link for Spring.

Click on the Spring link, and you are then redirected to the Spring Authorization Server for authentication.

After authenticating with your credentials (user and password by default), the next page presented to you is the Consent screen. The Consent screen asks you to either allow or deny access to the OAuth Client. Select "profile" and click Submit Consent to authorize the OAuth Client to access your basic profile information.

But from my test, after authenticating with your credentials (user and password by default), the page http://127.0.0.1:8080/login?error shows:

[invalid_scope] OpenID Connect 1.0 authentication requests are restricted.

I checked that the scope has profile.

Is it an issue?

lorenzBern commented 8 months ago

I have the same problem with the Spring authorization-server on branch 6.2.x (https://github.com/spring-projects/spring-security-samples/blame/6.2.x/servlet/spring-boot/java/oauth2/authorization-server/src/main/java/example/OAuth2AuthorizationServerSecurityConfiguration.java)

The issue is already fixed on main branch (https://github.com/spring-projects/spring-security-samples/blame/main/servlet/spring-boot/java/oauth2/authorization-server/src/main/java/example/OAuth2AuthorizationServerSecurityConfiguration.java):

OAuth2AuthorizationServerSecurityConfiguration.java (Line 73)

```java
http.getConfigurer(OAuth2AuthorizationServerConfigurer.class).oidc(Customizer.withDefaults()); // Enable OpenID Connect 1.0
```
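For readers hitting the same error, the following is an added example of the authorization server filter chain with OpenID Connect 1.0 enabled; it is not code from the issue or from the sample project. It assumes Spring Authorization Server 1.2 on Spring Boot 3.2 (the versions behind the 6.2.x samples), and the client id, secret and redirect URI are constructed values. Without the `.oidc(...)` call the configurer installs a validator that rejects every authorization request whose scope contains `openid` with exactly the `invalid_scope` error quoted above, which is why requesting `profile` alone did not help.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.oidc.OidcScopes;
import org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import java.util.UUID;

@Configuration
public class AuthorizationServerOidcConfig {
    @Bean
    @Order(1)
    SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
        // Registers the authorization server endpoints (/oauth2/authorize, /oauth2/token, ...).
        OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
        // Without this call the configurer adds a validator that rejects any authorization
        // request carrying the "openid" scope with [invalid_scope] "... requests are restricted."
        http.getConfigurer(OAuth2AuthorizationServerConfigurer.class)
            .oidc(Customizer.withDefaults());
        // Send unauthenticated browser users to the login page instead of a bare 401.
        http.exceptionHandling(exceptions -> exceptions
            .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login")));
        return http.build();
    }

    @Bean
    RegisteredClientRepository registeredClientRepository() {
        // Constructed sample client; "{noop}secret" is a placeholder, use an encoded secret in practice.
        RegisteredClient client = RegisteredClient.withId(UUID.randomUUID().toString())
            .clientId("messaging-client")
            .clientSecret("{noop}secret")
            .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
            .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
            .redirectUri("http://127.0.0.1:8080/login/oauth2/code/spring")
            .scope(OidcScopes.OPENID)   // the scope that triggers the OIDC check above
            .scope(OidcScopes.PROFILE)
            .build();
        return new InMemoryRegisteredClientRepository(client);
    }
}
```

The OAuth client side must request both `openid` and `profile` in its registration for the login flow to reach the consent screen described in the README.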