
I’m trying to call a 3rd-party endpoint that requires authorization using a Java Spring REST API, so I need to execute an Authorization Code Grant Flow.

I understand the flow where I need to first get the code then exchange the code for a JWT and finally use the JWT to be able to do the secure call.

What’s not making sense to me is how I am supposed to set up a redirect URI when I’m solely working with a backend REST API with no UI. Usually the user is redirected to a login page where they either log in with a username/password or with 3rd-party accounts (Google/Facebook…).

After a lot of googling, all the searches ended with guides to secure my own endpoints rather than to access a secure endpoint from my Spring Boot service.

Edit: It’s worth mentioning that I’m using solely a backend with no front end (or MVC) whatsoever, after @Partha’s comment I did the following:

First, I added a new login endpoint; when accessed via a browser (this won’t work with Swagger/Postman) it should redirect the user to the Authorization Server:

import javax.servlet.http.HttpServletResponse;
import org.springframework.web.bind.annotation.GetMapping;

@GetMapping("/login")
public void login(HttpServletResponse httpServletResponse) {
    // 302 redirect to the Authorization Server's authorize endpoint
    httpServletResponse.setHeader("Location", getAuthServerEndpoint());
    httpServletResponse.setStatus(302);
}

where I built the endpoint to have all the data needed (client_id, redirect_uri…), so it looks something like

https://idpserver.bla/oauth/authorize?client_id=xyz&redirect_uri=http://localhost:8080/token&response_type=code&scope=xyz

Now it sends me to the login page of the auth server. After I log in, I expect it to redirect me to localhost/token (which is a GET request that would retrieve the code, do a POST request to get a JWT and save it), but instead I’m receiving an invalid redirect URI error, and I’m really not sure if this is an issue with my implementation or the server’s.

EDIT2: I made a dumb mistake by NOT adding http://localhost:8080/token as a redirect URL in the Auth Server, since I assumed I didn’t need to.

2 Answers


  1. Depending on whether you are using MVC or Webflux, a different approach will be required:

    • MVC: include a “security filter” to do that. You will be able to see an example in the following links:

    MVC Security Manager

    MVC Security Filter

    MVC Security Configuration

    • Webflux: configure your own security manager. You will be able to see an example in the following links:

    Webflux Security Manager

    Webflux Security Context

    Webflux Security Configuration

    As you can see in both, an external service is called (using RestTemplate in MVC and WebClient in Webflux) to get the required authorization information and decide if the “logged user” passes the required security logic.

    You can adapt it in the way you need.

  2. Not really sure how you are trying it. The idea here is: your API server should have a GET endpoint /login. In your controller of /login, you should redirect to the IDP, say http://idpserver.bla?client_id=xxx&grant_type=code&nonce=yyy&redirect_uri=http://localhost:8080/token (note, it's a redirect, not an API request). So, with this, when you hit http://localhost:8080/login in your browser, you should see it being redirected to the IDP. Now you enter your credentials, the IDP validates them and redirects back to http://localhost:8080/token?code=XYZABC or something similar. Your controller code of the /token API should read the code from the URL param and make a call (this is an API call, not a redirect) to the IDP to exchange the code for a token (idToken / accessToken) based on your scope. And using the token you should be able to access protected resources. Hope that helps.

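The two steps from the answer above (the /login redirect and the /token code exchange) written out as one Spring MVC controller, as an added example that is not the asker's or either answerer's code. The authorize URL, client_id, scope and redirect URI are taken from the question; the token endpoint path, the client secret, Spring Boot 2 with javax.servlet, and the session-bound state parameter (added so the callback can reject responses the server never started) are assumptions.

```java
import java.security.SecureRandom;
import java.util.*;
import javax.servlet.http.*;
import org.springframework.http.*;
import org.springframework.util.*;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.util.UriComponentsBuilder;

@RestController
public class OAuthCodeFlowController {
    // Authorize URL, client_id and redirect_uri are the question's; token URL and secret are assumed placeholders.
    static final String AUTHORIZE_URL = "https://idpserver.bla/oauth/authorize";
    static final String TOKEN_URL = "https://idpserver.bla/oauth/token";
    static final String CLIENT_ID = "xyz", CLIENT_SECRET = "<client-secret>";
    static final String REDIRECT_URI = "http://localhost:8080/token"; // must be registered at the IdP (see EDIT2)
    private final RestTemplate rest = new RestTemplate();
    private final SecureRandom random = new SecureRandom();

    // Step 1: /login answers with a 302 to the IdP login page; a random 'state' kept in the session lets
    // the callback reject responses this server did not initiate.
    @GetMapping("/login")
    public void login(HttpSession session, HttpServletResponse resp) {
        byte[] buf = new byte[16]; random.nextBytes(buf);
        String state = Base64.getUrlEncoder().withoutPadding().encodeToString(buf);
        session.setAttribute("oauth_state", state);
        String url = UriComponentsBuilder.fromHttpUrl(AUTHORIZE_URL)
                .queryParam("response_type", "code").queryParam("client_id", CLIENT_ID)
                .queryParam("redirect_uri", REDIRECT_URI).queryParam("scope", "xyz")
                .queryParam("state", state).build().encode().toUriString();
        resp.setStatus(HttpServletResponse.SC_FOUND);
        resp.setHeader(HttpHeaders.LOCATION, url);
    }

    // Step 2: the IdP sends the browser to /token?code=...&state=...; the code is exchanged for tokens
    // with a server-to-server POST (an API call, not another redirect).
    @GetMapping("/token")
    public ResponseEntity<String> token(@RequestParam String code, @RequestParam String state, HttpSession session) {
        Object expected = session.getAttribute("oauth_state");
        session.removeAttribute("oauth_state"); // single use
        if (expected == null || !expected.equals(state)) return ResponseEntity.badRequest().body("state mismatch");
        MultiValueMap<String, String> form = new LinkedMultiValueMap<>();
        form.add("grant_type", "authorization_code");
        form.add("code", code);
        form.add("redirect_uri", REDIRECT_URI); // must equal the value sent in step 1
        HttpHeaders headers = new HttpHeaders();
        headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        headers.setBasicAuth(CLIENT_ID, CLIENT_SECRET); // client authentication at the token endpoint
        Map<?, ?> tokens = rest.postForObject(TOKEN_URL, new HttpEntity<>(form, headers), Map.class);
        // Keep tokens.get("access_token") server-side; later calls send it as "Authorization: Bearer <token>".
        return ResponseEntity.ok(tokens != null && tokens.containsKey("access_token") ? "token obtained" : "no token");
    }
}
```

The access token never has to reach the browser: the backend stores it and attaches it as a Bearer header when it calls the 3rd-party endpoint.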