
I'm building a web MVC app with Azure as Identity Provider and I'm getting the following error:

[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource: I/O error on GET request for "https://graph.microsoft.com/oidc/userinfo": graph.microsoft.com

[nio-8080-exec-3] o.s.web.client.RestTemplate              : HTTP GET https://graph.microsoft.com/oidc/userinfo
[nio-8080-exec-3] o.s.web.client.RestTemplate              : Accept=[application/json, application/*+json]
[nio-8080-exec-3] .s.a.DefaultAuthenticationEventPublisher : No event was found for the exception org.springframework.security.oauth2.core.OAuth2AuthenticationException
[nio-8080-exec-3] o.s.s.web.DefaultRedirectStrategy        : Redirecting to /login?error

Am I missing something?

spring.security.oauth2.client.provider.azure.issuer-uri=https://login.microsoftonline.com/XXXX/v2.0
spring.security.oauth2.client.registration.myapp.client-name=XXXX
spring.security.oauth2.client.registration.myapp.client-id=XXXX
spring.security.oauth2.client.registration.myapp.client-secret=XXXX
spring.security.oauth2.client.registration.myapp.provider=azure
spring.security.oauth2.client.registration.myapp.redirect-uri=http://localhost:8080/login/oauth2/code/
spring.security.oauth2.client.registration.myapp.scope=openid, profile, User.Read
spring.security.oauth2.client.registration.myapp.authorization-grant-type=authorization_code


Answers


  1. Chosen as BEST ANSWER

    For some reason the proxy server configured on my machine was not able to resolve the DNS name graph.microsoft.com, and I was getting the message "invalid_user_info_response". In order to fix it you need to make sure that your machine is able to reach graph.microsoft.com.
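
    The accepted answer traces the "invalid_user_info_response" to the UserInfo request (https://graph.microsoft.com/oidc/userinfo) never reaching Microsoft Graph through the local proxy. The Spring Security configuration below is an added example, not code from the thread or from Spring: it routes the UserInfo call through an explicit HTTP proxy with short timeouts so a connectivity failure surfaces quickly, instead of relying on the JDK client picking up the machine's proxy settings. The proxy host and port are assumptions; replace them with your own.

```java
import java.net.InetSocketAddress;
import java.net.Proxy;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.client.SimpleClientHttpRequestFactory;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.client.http.OAuth2ErrorResponseErrorHandler;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService;
import org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.client.RestTemplate;

@Configuration
public class UserInfoProxyConfig {

    // Assumed values for illustration: use the proxy your environment actually requires.
    private static final String PROXY_HOST = "proxy.example.internal";
    private static final int PROXY_PORT = 3128;

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .oauth2Login(login -> login
                // Replace the default OIDC user service with one whose HTTP client knows the proxy.
                .userInfoEndpoint(userInfo -> userInfo.oidcUserService(oidcUserService())));
        return http.build();
    }

    private OidcUserService oidcUserService() {
        // DefaultOAuth2UserService's built-in RestTemplate uses the JDK HttpURLConnection, which
        // ignores OS proxy settings unless https.proxyHost or java.net.useSystemProxies is set.
        SimpleClientHttpRequestFactory factory = new SimpleClientHttpRequestFactory();
        factory.setProxy(new Proxy(Proxy.Type.HTTP, new InetSocketAddress(PROXY_HOST, PROXY_PORT)));
        // Fail fast: an unreachable Graph endpoint shows up as a quick, clear I/O error.
        factory.setConnectTimeout(5_000);
        factory.setReadTimeout(5_000);

        RestTemplate rest = new RestTemplate(factory);
        // Same error handler Spring uses by default, so OAuth2 error bodies are mapped properly.
        rest.setErrorHandler(new OAuth2ErrorResponseErrorHandler());

        DefaultOAuth2UserService delegate = new DefaultOAuth2UserService();
        delegate.setRestOperations(rest);

        // OidcUserService delegates the actual UserInfo GET to the OAuth2 user service above.
        OidcUserService service = new OidcUserService();
        service.setOauth2UserService(delegate);
        return service;
    }
}
```

    With an HTTP proxy configured this way the JVM no longer resolves graph.microsoft.com itself; the proxy must be able to resolve and reach it, which is exactly what failed in the accepted answer.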


  2. I tried to reproduce the same in my environment via Postman and got the results below:

    I created one Azure AD application and granted permissions like below:

    [screenshot]

    To get code, I used below authorization request:

    https://login.microsoftonline.com/tenantID/oauth2/v2.0/authorize?
    client_id=client_id
    &response_type=code
    &redirect_uri=redirect_uri
    &response_mode=query
    &scope=openid profile user.read
    &state=12345
    

    When I ran the above request in browser, I got consent screen like below:

    [screenshot]

    After accepting the above consent, I got the code in address bar like below:

    [screenshot]

    To generate access token, I used below parameters and got token like this:

    POST https://login.microsoftonline.com/TenantID/oauth2/v2.0/token
    
    grant_type:authorization_code
    client_id:client_id
    client_secret:client_secret
    scope:openid profile user.read
    code:code
    redirect_uri: redirect_uri
    

    [screenshot]

    When I used the above token to get user info data, I got the response successfully like below:

    GET https://graph.microsoft.com/oidc/userinfo
    

    Response:

    [screenshot]

    In your scenario, make sure to include the following parameters in your code:

    spring.security.oauth2.client.registration.azure.client-id: xxx
    spring.security.oauth2.client.registration.azure.client-secret: xxx
    spring.security.oauth2.client.registration.azure.client-name: App Name
    spring.security.oauth2.client.registration.azure.client-authentication-method: basic
    spring.security.oauth2.client.registration.azure.provider: azure
    spring.security.oauth2.client.registration.azure.scope: openid profile user.read
    spring.security.oauth2.client.registration.azure.redirect-uri: http://localhost:8080/login/oauth2/code/azure
    spring.security.oauth2.client.registration.azure.authorization-grant-type: authorization_code
    
    spring.security.oauth2.client.provider.azure.issuer-uri: https://login.microsoftonline.com/<tenant id>/v2.0
    spring.security.oauth2.client.provider.azure.authorization-uri: https://login.microsoftonline.com/<tenant id>/oauth2/v2.0/authorize
    spring.security.oauth2.client.provider.azure.user-info-uri: https://graph.microsoft.com/oidc/userinfo
    spring.security.oauth2.client.provider.azure.token-uri: https://login.microsoftonline.com/<tenant id>/oauth2/v2.0/token
    spring.security.oauth2.client.provider.azure.jwk-set-uri: https://login.microsoftonline.com/<tenant id>/v2.0/keys
    spring.security.oauth2.client.provider.azure.user-name-attribute: name
    

    For more details, please refer to the link below:

    Spring security using OAuth2 with Microsoft – AzureAD
