Wednesday, August 2, 2017

Enabling Oauth2sso on Google App Engine


I am trying to get Spring Security OAuth2 set up on my application in Google App Engine. Everything seems to work fine locally, but when I deploy to App Engine things start to break down. After I authenticate through Google, it's forwarding me to a Whitelabel error page. In the console I see this error:

http://my-application.appspot.com/login?state=t…m&session_state=8b67f5df659a8324430803973b9e1726e39fd454..1ae3&prompt=none  401 (Unauthorized) 

I set up my auth with this application.yml file:

    security:
      oauth2:
        client:
          clientId: client-key
          clientSecret: secret-key
          accessTokenUri: https://www.googleapis.com/oauth2/v4/token
          userAuthorizationUri: https://accounts.google.com/o/oauth2/v2/auth
          clientAuthenticationScheme: form
          scope:
            - openid
            - email
            - profile
            - https://www.googleapis.com/auth/cloud-platform
        resource:
          userInfoUri: https://www.googleapis.com/oauth2/v3/userinfo
          preferTokenInfo: true

My security config looks something like this:

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
            .and()
                .authorizeRequests()
                .antMatchers("/static/**").permitAll()
                .antMatchers("/**").hasAuthority("ROLE_ADMIN")
                .anyRequest().authenticated()
            .and()
                .exceptionHandling()
                .accessDeniedPage("/403");
    }

I have configured the OAuth ID on the Google credential pages to allow authorized JavaScript origins to be:

    http://my-application.appspot.com
    https://my-application.appspot.com
    http://localhost:8080

And the authorized redirect URIs to:

    http://my-application.appspot.com/login
    https://my-application.appspot.com/login
    http://localhost:8080/login

Any ideas why I might be getting unauthorized errors once I deploy to GAE?

Thanks,

Craig

1 Answer

Your problem is about authorization; maybe you missed a step in fully authorizing the application, such as moving your client_secret.json to your working directory.

https://developers.google.com/drive/v3/web/quickstart/java#step_1_turn_on_the_api_name

Step 1: Turn on the Drive API

  1. Use this wizard to create or select a project in the Google Developers Console and automatically turn on the API. Click Continue, then Go to credentials. On the Add credentials to your project page, click the Cancel button.

    1. At the top of the page, select the OAuth consent screen tab. Select an Email address, enter a Product name if not already set, and click the Save button. Select the Credentials tab, click the Create credentials button and select OAuth client ID.

    2. Select the application type Other, enter the name "Drive API Quickstart", and click the Create button.

    3. Click OK to dismiss the resulting dialog.

    4. Click the file_download (Download JSON) button to the right of the client ID.

    5. Move this file to your working directory and rename it client_secret.json.

Helpful link: GCM HTTP 401 authorization error
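
A pre-deployment check tied to the redirect URI list in the question and the client file the answer mentions, as an added example (not code from the question, the answer, or Google): it parses a client secret JSON file and reports whether a callback URL exactly matches a registered redirect URI, naming the component that differs on a near miss. The sample file contents, the function names and the expected `web` client type are assumptions.

```python
import json
from urllib.parse import urlsplit

# Constructed sample in the layout of a downloaded "Web application" client file.
# URIs are the ones listed in the question; id and secret are placeholders.
SAMPLE = json.dumps({"web": {
    "client_id": "client-key",
    "client_secret": "secret-key",
    "auth_uri": "https://accounts.google.com/o/oauth2/v2/auth",
    "token_uri": "https://www.googleapis.com/oauth2/v4/token",
    "redirect_uris": [
        "http://my-application.appspot.com/login",
        "https://my-application.appspot.com/login",
        "http://localhost:8080/login",
    ],
}})

REQUIRED = ("client_id", "client_secret", "auth_uri", "token_uri")

def near_misses(callback_url, registered):
    """List registered URIs that differ from callback_url in exactly one component."""
    want = urlsplit(callback_url)
    notes = []
    for uri in registered:
        have = urlsplit(uri)
        diffs = [part for part in ("scheme", "netloc", "path")
                 if getattr(want, part) != getattr(have, part)]
        if len(diffs) == 1:
            notes.append(f"{uri} differs only in {diffs[0]}")
    return notes

def check_client_file(text, callback_url, expected_type="web"):
    """Return a list of problems; an empty list means callback_url is covered."""
    doc = json.loads(text)
    kind = next((k for k in ("web", "installed") if k in doc), None)
    if kind is None:
        return ["no 'web' or 'installed' section in file"]
    cfg = doc[kind]
    problems = [f"missing field: {name}" for name in REQUIRED if not cfg.get(name)]
    if kind != expected_type:  # expected_type="web" is an assumption of this example
        problems.append(f"client type is '{kind}', expected '{expected_type}'")
    registered = cfg.get("redirect_uris", [])
    # Compared as exact strings: scheme, host, port, path and trailing slash all count.
    if callback_url not in registered:
        problems.append(f"redirect URI not registered: {callback_url}")
        problems += near_misses(callback_url, registered)
    return problems
```

Calling `check_client_file(SAMPLE, url)` with the callback URL the deployed application actually sends shows whether it is covered by the registered list.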
