I wanted to create a sample Spring Boot application using AWS Cognito for authorization. I was following several tutorials but always ended up with the same error.
When I run the application, I get:
org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration': Unsatisfied dependency expressed through field 'httpSecurity': Error creating bean with name 'org.springframework.security.config.annotation.web.configuration.HttpSecurityConfiguration': Unsatisfied dependency expressed through method 'setContentNegotiationStrategy' parameter 0: Error creating bean with name 'org.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration$EnableWebMvcConfiguration': Unsatisfied dependency expressed through method 'setConfigurers' parameter 0: Error creating bean with name 'org.springframework.security.config.annotation.web.configuration.OAuth2ClientConfiguration$OAuth2ClientWebMvcSecurityConfiguration': Unsatisfied dependency expressed through method 'setAuthorizedClientManager' parameter 0: Error creating bean with name 'OAuth2AuthorizedClientManager': Failed to instantiate [org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager]: Factory method 'getAuthorizedClientManager' threw exception with message: Error creating bean with name 'clientRegistrationRepository' defined in class path resource [org/springframework/boot/autoconfigure/security/oauth2/client/servlet/OAuth2ClientRegistrationRepositoryConfiguration.class]:Failed to instantiate [org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository]: Factory method 'clientRegistrationRepository' threw exception with message: Unable to resolve Configuration with the provided Issuer of "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_9EmaXexYM/.well-known/openid-configuration"
This seems weird to me because when I access the URL https://cognito-idp.us-east-1.amazonaws.com/us-east-1_9EmaXexYM/.well-known/openid-configuration directly in the browser, I get a response with all the information. What could be the problem?
My application.yml:
spring:
  security:
    oauth2:
      client:
        registration:
          cognito:
            clientName: SpringBootApp
            client-secret: 11iflp3rhfuj9veomalbsvoi5url4vhu3r39in5l1jo0btsac48s
            redirect-uri: 'http://localhost:8080/login/oauth2/code/cognito'
            client-id: 3ai0tn07c5smcn00d963670rsf
            scope: openid
            authorization-grant-type: authorization_code
        provider:
          cognito:
            issuerUri: https://cognito-idp.us-east-1.amazonaws.com/us-east-1_9EmaXexYM/.well-known/openid-configuration
In Spring configuration, the issuer-uri is to be set with the Issuer Identifier, not with the OIDC discovery URI.

As a reminder:

- the OIDC discovery URI is obtained by appending /.well-known/openid-configuration to the Issuer Identifier
- the issuer property in the OpenID configuration available at the OIDC discovery URI must contain the Issuer Identifier
- the iss claim in JWTs and in introspection endpoint responses must contain the Issuer Identifier

According to the OIDC discovery URI you provide and to the configuration it exposes, your Issuer Identifier is https://cognito-idp.us-east-1.amazonaws.com/us-east-1_9EmaXexYM.

So, remove that /.well-known/openid-configuration suffix from the issuer-uri value in your conf.
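The following script is an added example, not code from the question, the answer or Spring Security itself. It models offline what Spring Boot's clientRegistrationRepository does with issuer-uri at startup: append /.well-known/openid-configuration, fetch the document, and verify that its issuer field equals the configured value. The "network" is a constructed dictionary of discovery URL to JSON body shaped like Cognito's response (the endpoint hostnames in it, and the second "proxied" provider, are assumptions), and the error messages are my approximations of Spring's. Spring's real ClientRegistrations also falls back to other well-known locations before giving up; only the first OIDC lookup is modelled here.

```python
"""Offline model of the issuer-uri resolution Spring Boot performs at startup.

Added example, not part of the original question or answer. FAKE_SERVER is a
constructed stand-in for the network: discovery URL -> JSON body, anything
else is a 404.
"""
import json
from typing import Dict, Optional

DISCOVERY_SUFFIX = "/.well-known/openid-configuration"

# The Issuer Identifier from the question (without the discovery suffix).
ISSUER = "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_9EmaXexYM"

FAKE_SERVER: Dict[str, str] = {
    # Constructed document shaped like Cognito's; hosted-UI domain is assumed.
    ISSUER + DISCOVERY_SUFFIX: json.dumps({
        "issuer": ISSUER,
        "jwks_uri": ISSUER + "/.well-known/jwks.json",
        "authorization_endpoint": "https://example-domain.auth.us-east-1.amazoncognito.com/oauth2/authorize",
        "token_endpoint": "https://example-domain.auth.us-east-1.amazoncognito.com/oauth2/token",
    }),
    # Constructed second provider (hypothetical): served behind a reverse proxy,
    # so the URL it is fetched from differs from the issuer it advertises.
    "https://auth.example.test/realm" + DISCOVERY_SUFFIX: json.dumps({
        "issuer": "https://idp-internal.example.test/realm",
        "jwks_uri": "https://auth.example.test/realm/keys",
    }),
}


def discovery_uri(issuer_uri: str) -> str:
    """The discovery URL is the Issuer Identifier plus the well-known suffix."""
    return issuer_uri.rstrip("/") + DISCOVERY_SUFFIX


def http_get(url: str) -> Optional[str]:
    """Stand-in for the HTTP call: body on 200, None on 404."""
    return FAKE_SERVER.get(url)


def resolve_issuer(issuer_uri: str) -> dict:
    """Fetch provider metadata for issuer_uri and verify it belongs to that issuer.

    Raises ValueError in the two situations that make the
    clientRegistrationRepository bean fail at startup:
      1. nothing is served at <issuer-uri>/.well-known/openid-configuration
         (what happens when the suffix is already part of issuer-uri)
      2. the document's "issuer" field does not equal the configured issuer-uri
         (tokens carrying that iss would never match the configured issuer)
    """
    url = discovery_uri(issuer_uri)
    body = http_get(url)
    if body is None:
        raise ValueError(
            f'Unable to resolve Configuration with the provided Issuer of "{issuer_uri}" '
            f"(no document at {url})"
        )
    metadata = json.loads(body)
    if metadata.get("issuer") != issuer_uri:
        raise ValueError(
            f"Issuer mismatch: configured {issuer_uri!r} but metadata says "
            f"{metadata.get('issuer')!r}"
        )
    return metadata


def classify(issuer_uri: str) -> str:
    """Return 'ok', '404' or 'mismatch' so each case can be checked without exceptions."""
    try:
        resolve_issuer(issuer_uri)
        return "ok"
    except ValueError as exc:
        return "404" if "no document" in str(exc) else "mismatch"


if __name__ == "__main__":
    for candidate in (
        ISSUER,                              # correct: the Issuer Identifier itself
        ISSUER + DISCOVERY_SUFFIX,           # the question's value: suffix appended twice
        "https://auth.example.test/realm",   # constructed proxy case: issuer field differs
    ):
        print(f"{candidate}\n  -> {classify(candidate)}")
```

Running it shows the question's value fails with the 404 case, because Spring appends the suffix a second time and nothing is served at .../openid-configuration/.well-known/openid-configuration. The third case is worth keeping in mind when fronting an IdP with a proxy: the document is found, but the issuer it advertises is what ends up in the iss claim, so the configured issuer-uri has to equal that value exactly, scheme and trailing slash included.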