使用 Azure OAuth2 的 Spring Boot - 回复 URL 不匹配错误 [英] Spring Boot using Azure OAuth2 - reply URL does not match error
问题描述
我有尝试使用 Azure OAuth2 保护的 Spring Boot Web 应用程序.此应用程序基于 Azure SDK 示例 azure-spring-boot-sample-active-directory-webapp.
I have Spring Boot web application that I attempting to secure with Azure OAuth2. This application is based on the Azure SDK sample azure-spring-boot-sample-active-directory-webapp.
我构建应用程序并将其作为 Web 应用程序部署到 Azure.我的 MS 证书受到质疑,我同意分享我的信息.我收到以下错误:
I build and deploy the application to Azure as a Web App. I am challenged for my MS Credentials, I give my consent to share my information. I get the following error:
AADSTS50011:请求中指定的回复 URL 与为应用程序配置的回复 URL 不匹配:'**client id**'.
我确定问题出在已注册应用程序的重定向 url 上.我注册了示例告诉我注册的网址,但我仍然收到错误消息.我删除了 Azure AD 注册的应用程序并重新开始,行为没有变化.
I am sure the issue is around the Registered Application's redirect urls. I register the urls the sample tells me to register, but I still get the error. I have deleted the Azure AD registered app and started over, no change in behavior.
我在 Edge 和 Chrome 上看到了这个错误.
I see this error with Edge and Chrome.
环境
- Spring Boot 父级:2.3.8.RELEASE
- Azure 入门广告:3.1.0
- 操作系统:Linux
- Java:Java 11
- Web 服务器堆栈:Java SE
Active Directory 应用注册
- 支持的帐户类型:仅此组织目录中的帐户(单租户)
- 身份验证:Web:重定向网址:https://myapp.azurewebsites.net/login/oauth2/code/azure
- 身份验证:Web:重定向网址:https://myapp.azurewebsites.net/login/oauth2/code/arm
- 创建的秘密
- API 权限:Azure 服务管理:user_impersonation
- API 权限:Microsoft Graph:Directory.AccessAsUser.All(授予默认目录)
- API 权限:Microsoft Graph:User.Read(授予默认目录)
- API 权限:Office 365 管理 API:ActivityFeed.Read(授予默认目录)
- API 权限:Office 365 管理 API:ActivityFeed.ReadDlp(授予默认目录)
- API 权限:Office 365 管理 API:ServiceHealth.Read(授予默认目录)
application.yaml
azure:
activedirectory:
authorization-clients:
arm:
on-demand: true
scopes: https://management.core.windows.net/user_impersonation
graph:
scopes:
- https://graph.microsoft.com/User.Read
- https://graph.microsoft.com/Directory.Read.All
office:
scopes:
- https://manage.office.com/ActivityFeed.Read
- https://manage.office.com/ActivityFeed.ReadDlp
- https://manage.office.com/ServiceHealth.Read
client-id: my-client-id
client-secret: my-client-secret
tenant-id: my-tenant-id
user-group:
allowed-groups: group1, group2
post-logout-redirect-uri: https://myapp.azurewebsites.net/
pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.3.8.RELEASE</version>
<relativePath/>
<!-- lookup parent from repository -->
</parent>
<groupId>mygroup</groupId>
<artifactId>adoauthdemo</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>adoauthdemo</name>
<description>Demonstration of integrating a spring boot application with Azure AD OAuth</description>
<properties>
<java.version>11</java.version>
</properties>
<dependencies>
<dependency>
<groupId>com.azure.spring</groupId>
<artifactId>azure-spring-boot-starter-active-directory</artifactId>
<version>3.1.0</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-client</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
<scope>runtime</scope>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-configuration-processor</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<optional>true</optional>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<configuration>
<excludes>
<exclude>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-configuration-processor</artifactId>
</exclude>
<exclude>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
</exclude>
</excludes>
</configuration>
</plugin>
<plugin>
<groupId>com.microsoft.azure</groupId>
<artifactId>azure-webapp-maven-plugin</artifactId>
<version>1.12.0</version>
<configuration>
<authType>azure_cli</authType>
<resourceGroup>adoauthdemo-rg</resourceGroup>
<appName>adoauthdemo</appName>
<pricingTier>B1</pricingTier>
<region>eastus</region>
<deployment>
<resources>
<resource>
<directory>${project.basedir}/target</directory>
<includes>
<include>*.jar</include>
</includes>
</resource>
</resources>
</deployment>
<runtime>
<os>Linux</os>
<javaVersion>Java 11</javaVersion>
<webContainer>Java SE</webContainer>
</runtime>
</configuration>
</plugin>
</plugins>
</build>
</project>
推荐答案
我必须将以下内容添加到我的 application.yaml 中.
I had to add the following to my application.yaml.
server:
forward-headers-strategy: native
说明
我在我的应用程序上打开调试,我终于看到是什么导致了我的问题:
I turned on debugging on my application and I finally saw what was causing my issue:
重定向到https://login.microsoftonline.com/**tenant id**/oauth2/v2.0/authorize?response_type=code&client_id=**client id**&scope=https://manage.office.com/ServiceHealth.Read%20openid%20profile%20offline_access%20https://graph.microsoft.com/User.Read%20https://graph.microsoft.com/Directory.AccessAsUser.All%20https://graph.microsoft.com/Directory.Read.All%20https://manage.office.com/ActivityFeed.ReadDlp%20https://manage.office.com/ActivityFeed.Read&state=rccivv5nfrx270lpF_y4hHGDP-hhfUSSKI0mmokkNNA%3D&redirect_uri=http://myapp.azurewebsites.net/login/oauth2/code/azure&nonce=fVQX_yumChDneZJvE1pLljs81thZtpBk8do5h1XClGs'
重要的部分是 redirect_uri
参数:http://myapp.azurewebsites.net/login/oauth2/code/azure
The important part is the redirect_uri
parameter: http://myapp.azurewebsites.net/login/oauth2/code/azure
我的 Spring Boot 应用使用的是 http 而不是 https.
My Spring Boot app was using http instead of https.
现在我找到了一个 文章解决了这个问题,他们修复了我上面指出的相同问题.
Now I found an article that addresses this issue where they fixed this same issue as I indicated above.
这篇关于使用 Azure OAuth2 的 Spring Boot - 回复 URL 不匹配错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!