Tags: java, spring, spring-boot, google-oauth, spring-oauth2

Spring Boot OAuth2 does not invoke successHandler and always redirects to "/" after authentication


I am trying to set up a basic Google OAuth setup for a Spring Boot app. My idea is that the frontend will redirect to a URL like http://localhost:8081/oauth2/authorization/google and, after authentication, the backend creates the user and the user session, then redirects back to localhost:3000 (frontend).

I have written an OAuth2SuccessHandler and an OAuth2FailureHandler for this purpose. This is my SecurityConfig:

import lombok.RequiredArgsConstructor;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

@EnableWebSecurity
@RequiredArgsConstructor
public class SecurityConfig {

    private final OAuth2SuccessHandler successHandler;
    private final OAuth2FailureHandler failureHandler;

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
                .csrf().disable()
                .authorizeHttpRequests(auth -> auth
                        .requestMatchers("/oauth2/**","/auth/**").permitAll()
                        .anyRequest().authenticated()
                )
                .oauth2Login(oauth -> oauth
                        .successHandler(successHandler)
                        .failureHandler(failureHandler)
                );
        return http.build();
    }

}

It mostly seems to work; however, after authentication, the OAuth2SuccessHandler is not invoked. It looks like this:

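import java.io.IOException;

// Assumption: jakarta.servlet (Spring Boot 3); on Spring Boot 2 these are javax.servlet
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import lombok.RequiredArgsConstructor;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.stereotype.Component;

@Component
@RequiredArgsConstructor
public class OAuth2SuccessHandler implements AuthenticationSuccessHandler {

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request,
                                        HttpServletResponse response,
                                        Authentication authentication) throws IOException {
        // My logic
    }
}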

"My logic" never gets executed. The authentication seems to be successful; I am able to see my Google account details in the logs. After that, it redirects to "/" (localhost:8081/) instead of going to my success handler.

In case application.properties is useful:

spring.security.oauth2.client.registration.google.client-id=
spring.security.oauth2.client.registration.google.client-secret=
spring.security.oauth2.client.registration.google.scope=openid,email,profile
spring.security.oauth2.client.registration.google.redirect-uri={baseUrl}/login/oauth2/code/{registrationId}

spring.security.oauth2.client.provider.google.authorization-uri=https://accounts.google.com/o/oauth2/v2/auth
spring.security.oauth2.client.provider.google.token-uri=https://oauth2.googleapis.com/token
spring.security.oauth2.client.provider.google.user-info-uri=https://openidconnect.googleapis.com/v1/userinfo
spring.security.oauth2.client.provider.google.user-name-attribute=sub

My question is to understand why my SuccessHandler is not invoked and how to fix it.


Solution

  • After I added @Configuration to SecurityConfig, it fixed my issue. The OauthSuccessHandler is getting invoked now. However, I am still not sure how the OAuth flow worked before while only my OauthSuccessHandler failed to get invoked.
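
The fix described in the answer, written out as an added example (not the poster's code): in Spring Security 6, @EnableWebSecurity is no longer meta-annotated with @Configuration, so a class carrying only @EnableWebSecurity is not registered and its SecurityFilterChain bean is never created. Spring Boot's default OAuth2 login chain then handles the login, and its default success handler redirects to "/", which is consistent with the behaviour described in the question. Assumptions: Spring Boot 3 (jakarta.servlet); FRONTEND_URL, the "userSub" session attribute and the bean name oauth2SuccessHandler are hypothetical names chosen for illustration.

```java
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

// Added example, not the poster's code. Assumes Spring Boot 3 / Spring Security 6.
@Configuration      // without this the class is not registered and its @Bean methods never run
@EnableWebSecurity
public class SecurityConfig {

    // Assumption: frontend origin taken from the question, fixed server-side so the
    // post-login redirect target can never be influenced by request parameters.
    private static final String FRONTEND_URL = "http://localhost:3000";

    @Bean
    public AuthenticationSuccessHandler oauth2SuccessHandler() {
        return (HttpServletRequest request, HttpServletResponse response,
                Authentication authentication) -> {
            // With user-name-attribute=sub, getName() is the Google "sub" claim;
            // "userSub" is a hypothetical session key for the local user lookup.
            request.getSession(true).setAttribute("userSub", authentication.getName());
            response.sendRedirect(FRONTEND_URL);
        };
    }

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http,
            AuthenticationSuccessHandler oauth2SuccessHandler) throws Exception {
        http
                // CSRF protection is left at its default (enabled) in this example.
                .authorizeHttpRequests(auth -> auth
                        .requestMatchers("/oauth2/**", "/auth/**").permitAll()
                        .anyRequest().authenticated())
                .oauth2Login(oauth -> oauth
                        .successHandler(oauth2SuccessHandler));
        return http.build();
    }
}
```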