javaspring-mvcoauth-2.0oltu

Apache Oltu + Microsoft Integration - OAuthProblemException{error='invalid_request', description='missing required parameters, includes an invalid


I am working on the Spring MVC + Apache Oltu + Microsoft integration. In this example I was trying to create an App over https://apps.dev.microsoft.com/ and get the ClientId and Client Secrete to access the protected resources.

The following piece of code I used

request= new OAuthBearerClientRequest
                ("https://login.microsoftonline.com/common/oauth2/v2.0/authorize?oauth2_access_token="+oAuthResponse.getAccessToken()).
                buildQueryMessage();

Another

OAuthAccessTokenResponse oAuthResponse = oAuthClient.accessToken(request);

and

private static final String CLIENT_SECRET = "RYbo4yBdvzg4R9oxkNGG0CC";
private static final String CLIENT_ID = "23e101f2-e00b-416f-a7f8-5f85cc5cdXX";
private static final String REDIRECT_URL = "http://localhost:8080/apache-oltu/microsoft/redirect";
private static final String AUTH_URL = "https://login.live.com/oauth20_authorize.srf"

I was able to successfully able to login into the Microsoft, but at the redirection back into my application I get the below error:

REDIRECT TO: https://login.live.com/oauth20_authorize.srf?scope=openid%2Cemail%2Cprofile%2Coffline_access&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fapache-oltu%2Flinkedin%2Fredirect&client_id=23e101f2-e00b-416f-a7f8-5f85cc5XXX
Received CODE: Mc4f61a9e-0e83-a293-e8a0-df7db8898027
Oct 02, 2017 10:41:39 PM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet [appServlet] in context with path [/apache-oltu] threw exception [Request processing failed; nested exception is OAuthProblemException{error='invalid_request', description='missing required parameters, includes an invalid parameter value, parameter more than once. : Unable to retrieve access token : appId or redirect uri does not match authorization code or authorization code expired', uri='null', state='null', scope='null', redirectUri='null', responseStatus=400, parameters={}}] with root cause
OAuthProblemException{error='invalid_request', description='missing required parameters, includes an invalid parameter value, parameter more than once. : Unable to retrieve access token : appId or redirect uri does not match authorization code or authorization code expired', uri='null', state='null', scope='null', redirectUri='null', responseStatus=400, parameters={}}
    at org.apache.oltu.oauth2.common.exception.OAuthProblemException.error(OAuthProblemException.java:59)
    at org.apache.oltu.oauth2.client.validator.OAuthClientValidator.validateErrorResponse(OAuthClientValidator.java:63)
    at org.apache.oltu.oauth2.client.validator.OAuthClientValidator.validate(OAuthClientValidator.java:48)
    at org.apache.oltu.oauth2.client.response.OAuthClientResponse.validate(OAuthClientResponse.java:127)
    at org.apache.oltu.oauth2.client.response.OAuthClientResponse.init(OAuthClientResponse.java:96)
    at org.apache.oltu.oauth2.client.response.OAuthAccessTokenResponse.init(OAuthAccessTokenResponse.java:65)
    at org.apache.oltu.oauth2.client.response.OAuthClientResponse.init(OAuthClientResponse.java:101)
    at org.apache.oltu.oauth2.client.response.OAuthAccessTokenResponse.init(OAuthAccessTokenResponse.java:60)
    at org.apache.oltu.oauth2.client.response.OAuthClientResponse.init(OAuthClientResponse.java:120)
    at org.apache.oltu.oauth2.client.response.OAuthClientResponseFactory.createCustomResponse(OAuthClientResponseFactory.java:82)
    at org.apache.oltu.oauth2.client.URLConnectionClient.execute(URLConnectionClient.java:111)
    at org.apache.oltu.oauth2.client.OAuthClient.accessToken(OAuthClient.java:65)
    at org.apache.oltu.oauth2.client.OAuthClient.accessToken(OAuthClient.java:77)
    at com.apache.oltu.LinkedinController.getAccessToken(LinkedinController.java:75)
    at com.apache.oltu.LinkedinController.redirect(LinkedinController.java:54)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205)
    at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:133)
    at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:97)
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:827)
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:738)
    at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85)
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:967)
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:901)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970)
    at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:861)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:635)
    at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799)
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Unknown Source) 

Solution

  • I just got the solution for this issue. The problem is about one mistake in the Client Example in the Apache Amber (Oltu) project:

    First I used the Auth code request (which work):

    OAuthClientRequest request = OAuthClientRequest
                    .authorizationLocation(AUTH_URL)
                    .setClientId(CLIENT_ID)
                    .setRedirectURI(REDIRECT_URL)
                    .setResponseType("code")
                    .setScope("openid,email,profile,offline_access")
                    .buildQueryMessage();
    

    And second the request about the Access Token (which don't work):

    OAuthClientRequest request = OAuthClientRequest
                    .tokenLocation(TOKEN_URL)
                    .setGrantType(GrantType.AUTHORIZATION_CODE)
                    .setClientId(CLIENT_ID)
                    .setClientSecret(CLIENT_SECRET)
                    .setRedirectURI(REDIRECT_URL)
                    .setCode(authorizationCode)
                    .buildQueryMessage();
                    //.buildBodyMessage();
    

    The mistake is about the buildBodyMessage() in the second request. Change it by buildQueryMessage().

    This solved my issue, but now I am facing a new issue. Have posted the separate question here.