Tags: azure-active-directory, azure-web-app-service, spring-security-oauth2

invalid_token_response An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: 401 Unauthorized: [no body]


I have added Azure AD as an authentication server, but it is showing me the following error:

[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: 401 Unauthorized: [no body]

My application.properties:

 # Client registration "azure-client", bound to the provider "azure-ad" below
 spring.security.oauth2.client.registration.azure-client.provider=azure-ad
 spring.security.oauth2.client.registration.azure-client.client-id=<Client_id>
 spring.security.oauth2.client.registration.azure-client.client-secret=<Client_secret>
 spring.security.oauth2.client.registration.azure-client.authorization-grant-type=authorization_code
 spring.security.oauth2.client.registration.azure-client.redirect-uri={baseUrl}/login/oauth2/code/{registrationId}
 spring.security.oauth2.client.registration.azure-client.scope=openid, profile
 # Send client_id/client_secret in the token request body instead of HTTP Basic
 spring.security.oauth2.client.registration.azure-client.client-authentication-method=post
 # Azure AD v2.0 endpoints for the "common" (multi-tenant) authority
 spring.security.oauth2.client.provider.azure-ad.authorization-uri=https://login.microsoftonline.com/common/oauth2/v2.0/authorize
 spring.security.oauth2.client.provider.azure-ad.token-uri=https://login.microsoftonline.com/common/oauth2/v2.0/token
 spring.security.oauth2.client.provider.azure-ad.jwk-set-uri=https://login.microsoftonline.com/common/discovery/v2.0/keys
 spring.security.oauth2.client.provider.azure-ad.user-name-attribute=name
 # Honour X-Forwarded-* headers so {baseUrl} resolves correctly behind a proxy
 server.forward-headers-strategy=native
 logging.level.org.springframework.security=DEBUG

And SecurityConfig class:

 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

 @Configuration
 @EnableWebSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
     @Override
     protected void configure( HttpSecurity http ) throws Exception {
         // The OAuth2 redirect and login endpoints must stay reachable without a session;
         // everything else requires an authenticated user via oauth2Login()
         http.authorizeRequests()
                 .antMatchers( "/oauth2/**", "/login/**" ).permitAll()
                 .anyRequest().authenticated()
                 .and()
                 .oauth2Login()
                 .defaultSuccessUrl( "/home" );
     }
 }

And Controller:

 import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;

 @RestController
 public class HomeController {

     // Reads the "name" claim from the authenticated OIDC principal
     @GetMapping( "home" )
     public String home( @AuthenticationPrincipal(expression = "claims['name']") String name ) {
         return String.format( "Hello %s!  welcome to the Security app", name);
     }
 }

Solution

  • Workaround

    Solution 1: Make sure you have entered the correct TenantID, ApplicationID and Application_Secret, and the Group name in the application.properties file,

    and also that the scopes your app is requesting have been configured (if admin consent is required, please grant it) in the Azure Portal.

    Solution 2: Try changing the Azure endpoints from v2 to v1. This is done by changing the endpoints,

    e.g. http://login.microsoft.com/common/oauth2/v2.0/authorize becomes http://login.microsoft.com/common/oauth2/authorize, as indicated in the v1 & v2 comparison.

    For more information about v1, refer to this document.

    For more details, refer to this SO thread:
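The two checks the answer asks for can be done mechanically before touching Spring: confirm the client-id/secret placeholders have actually been replaced, and see which endpoint version each provider URI uses and what its v1 equivalent would be. The following is an added example, not code from the question, the answer or Spring; the properties text it parses is a constructed copy of the question's configuration.

```python
import re

# Constructed sample: the question's provider/registration properties, placeholders intact.
SAMPLE_PROPERTIES = """
spring.security.oauth2.client.registration.azure-client.client-id=<Client_id>
spring.security.oauth2.client.registration.azure-client.client-secret=<Client_secret>
spring.security.oauth2.client.registration.azure-client.scope=openid, profile
spring.security.oauth2.client.provider.azure-ad.authorization-uri=https://login.microsoftonline.com/common/oauth2/v2.0/authorize
spring.security.oauth2.client.provider.azure-ad.token-uri=https://login.microsoftonline.com/common/oauth2/v2.0/token
spring.security.oauth2.client.provider.azure-ad.jwk-set-uri=https://login.microsoftonline.com/common/discovery/v2.0/keys
"""

def parse_properties(text):
    """Parse 'key=value' lines into a dict; blank lines and '#' comments are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def unresolved_placeholders(props):
    """Keys whose value is still an angle-bracket placeholder such as <Client_id>."""
    return sorted(k for k, v in props.items() if re.fullmatch(r"<[^<>]+>", v))

def endpoint_version(url):
    """'v2' for an Azure AD v2.0 endpoint URL, otherwise 'v1'."""
    return "v2" if "/v2.0/" in url else "v1"

def to_v1_endpoint(url):
    """Drop the '/v2.0' path segment: .../oauth2/v2.0/authorize -> .../oauth2/authorize,
    .../discovery/v2.0/keys -> .../discovery/keys (the rewrite the answer describes)."""
    return url.replace("/v2.0/", "/")

def check_provider(props, provider="azure-ad"):
    """Return {uri-key: (version, v1 equivalent)} for the provider's three endpoint URIs."""
    prefix = f"spring.security.oauth2.client.provider.{provider}."
    report = {}
    for suffix in ("authorization-uri", "token-uri", "jwk-set-uri"):
        url = props.get(prefix + suffix)
        if url:
            report[suffix] = (endpoint_version(url), to_v1_endpoint(url))
    return report
```

Any key returned by unresolved_placeholders, or a mix of v1 and v2 versions in the check_provider report, is worth fixing before reading the DEBUG log.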