Spring Security oauth2 client - problem with Twitter

I want to add Twitter OAuth2 to my application. Earlier I added Facebook and Google with success - I didn't have to add a provider. When I try to add the Twitter data to the application.properties file and run the server, I get this error:

Error starting Tomcat context. Exception: org.springframework.beans.factory.UnsatisfiedDependencyException. Message: Error creating bean with name 'securityConfig': Unsatisfied dependency expressed through method 'setContentNegotationStrategy' parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration$EnableWebMvcConfiguration': Unsatisfied dependency expressed through method 'setConfigurers' parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springframework.security.config.annotation.web.configuration.OAuth2ClientConfiguration$OAuth2ClientWebMvcSecurityConfiguration': Unsatisfied dependency expressed through method 'setClientRegistrationRepository' parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springframework.boot.autoconfigure.security.oauth2.client.servlet.OAuth2ClientRegistrationRepositoryConfiguration': Unsatisfied dependency expressed through constructor parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'spring.security.oauth2.client-org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties': Invocation of init method failed; nested exception is java.lang.IllegalStateException: Client id must not be empty.

This is my configuration:

spring.security.oauth2.client.registration.facebook.clientId=<SECRET>
spring.security.oauth2.client.registration.facebook.clientSecret=<SECRET>
spring.security.oauth2.client.registration.facebook.redirect-uri=http://localhost:8080/oauth2/callback/facebook
spring.security.oauth2.client.registration.facebook.scope=public_profile email


spring.security.oauth2.client.registration.twitter.clientId=<SECRET>
spring.security.oauth2.client.registration.twitter.clientSecret=<SECRET>
spring.security.oauth2.client.registration.twitter.redirect-uri=http://localhost:8080/oauth2/callback/twitter
spring.security.oauth2.client.registration.twitter.provider=twitter
spring.security.oauth2.client.registration.twitter.authorization-grant-type=token
spring.security.oauth2.client.provider.twitter.token-uri=https://api.twitter.com/oauth/token
spring.security.oauth2.client.provider.twitter.authorization-uri=https://api.twitter.com/oauth/authorize
spring.security.oauth2.client.provider.twitter.user-info-uri=https://api.twitter.com/oauth/request_token

I added the client ID, so where is the problem? And I hope I added the OAuth URLs to the configuration correctly.

@Update I found the problem :) There was a typo here:

spring.security.oauth2.client.registration.twiter.authorization-grant-type=token

@UPDATE Now I have another problem. This is my configuration:

spring.security.oauth2.client.registration.twitter.client-id=<SECRET>
spring.security.oauth2.client.registration.twitter.clientSecret=<SECRET>
spring.security.oauth2.client.registration.twitter.redirect-uri=http://localhost:8080/oauth2/callback/twitter
spring.security.oauth2.client.registration.twitter.authorization-grant-type=authorization_code
spring.security.oauth2.client.provider.twitter.token-uri=https://api.twitter.com/oauth/access_token
spring.security.oauth2.client.provider.twitter.authorization-uri=https://api.twitter.com/oauth/authorize

And after I call http://127.0.0.1:8080/oauth2/authorization/twitter, I see this: [image]

Complete answered 14/10, 2019 at 16:23 Comment(2)
Spring Security OAuth Client is based on OpenID Connect support from the provider. I doubt Twitter supports the OpenID Connect specification as of now. Otherwise the Spring Security folks would have provided a default configuration for Twitter in addition to Google, GitHub, FB and Okta. – Grata
@JuniorWithEverything, can you try with this token URI? https://api.twitter.com/oauth2/token – Quartermaster
  • Your question is about using an OAuth2 client with Twitter, which is not possible. Twitter does not support OAuth 2.0 flows involving a user.

  • It only supports the application-only OAuth 2.0 Bearer Token:

    OAuth 2.0 Bearer Token is the application-only authentication method for authenticating with the Twitter API. As this method is specific to the application, it does not involve any users

    https://developer.twitter.com/en/docs/basics/authentication/oauth-2-0

  • For flows involving an end user, it uses OAuth 1.0a: https://developer.twitter.com/en/docs/basics/authentication/oauth-1-0a

  • As you can see in the diagram below of the OAuth 1.0a flow, your application first needs to talk to the Authorisation Server to get a request token, and then pass that token when redirecting the user to the Authorisation Server. It is this token that Twitter is complaining is missing, because it is OAuth 1.0a. I.e., you are doing step B without step A.

    [Diagram: OAuth 1.0a flow]

Diagram Reference

https://oauth.net/core/1.0/

Olatha answered 13/7, 2020 at 9:25 Comment(0)
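
Steps A and B from the answer above, as an added Java example that is not part of the original answer or of Spring Security: step A builds the HMAC-SHA1 signed Authorization header for the request-token call, and step B builds the redirect that carries the returned token. The endpoint URLs are the ones in the question's configuration; the class and method names are hypothetical, and the consumer key, secret, nonce, timestamp and request token are constructed placeholders.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.util.stream.Collectors;

public class OAuth1RequestTokenDemo {
    // OAuth 1.0a wants RFC 3986 percent-encoding; URLEncoder does form encoding, so patch the differences.
    static String enc(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8)
                .replace("+", "%20").replace("*", "%2A").replace("%7E", "~");
    }

    // Step A: Authorization header for the signed POST to the request-token endpoint.
    static String requestTokenHeader(String url, String consumerKey, String consumerSecret,
                                     String callback, String nonce, long timestamp) throws Exception {
        Map<String, String> p = new TreeMap<>(); // base string needs parameters sorted by name
        p.put("oauth_callback", callback);
        p.put("oauth_consumer_key", consumerKey);
        p.put("oauth_nonce", nonce);             // production: fresh SecureRandom value per request
        p.put("oauth_signature_method", "HMAC-SHA1");
        p.put("oauth_timestamp", Long.toString(timestamp));
        p.put("oauth_version", "1.0");
        String params = p.entrySet().stream()
                .map(e -> enc(e.getKey()) + "=" + enc(e.getValue()))
                .collect(Collectors.joining("&"));
        String base = "POST&" + enc(url) + "&" + enc(params);
        // No token secret exists before step A completes, so the HMAC key ends in a bare '&'.
        byte[] key = (enc(consumerSecret) + "&").getBytes(StandardCharsets.UTF_8);
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(key, "HmacSHA1"));
        byte[] sig = mac.doFinal(base.getBytes(StandardCharsets.UTF_8));
        p.put("oauth_signature", Base64.getEncoder().encodeToString(sig));
        return "OAuth " + p.entrySet().stream()
                .map(e -> enc(e.getKey()) + "=\"" + enc(e.getValue()) + "\"")
                .collect(Collectors.joining(", "));
    }

    public static void main(String[] args) throws Exception {
        // Constructed credentials, nonce and timestamp; nothing is sent over the network.
        String header = requestTokenHeader("https://api.twitter.com/oauth/request_token",
                "CONSTRUCTED_KEY", "CONSTRUCTED_SECRET",
                "http://localhost:8080/oauth2/callback/twitter", "constructednonce123", 1600000000L);
        System.out.println("Step A  Authorization: " + header);
        // Step B: the redirect carries the oauth_token that step A's response returned.
        String requestToken = "CONSTRUCTED_REQUEST_TOKEN";
        System.out.println("Step B  Location: https://api.twitter.com/oauth/authorize?oauth_token=" + enc(requestToken));
    }
}
```

With Java 11 or later this runs as a single file via `java OAuth1RequestTokenDemo.java`.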

Try changing the grant_type to client_credentials and/or changing the OAuth token URL to https://api.twitter.com/oauth2/token.

Additionally, below are some sites you can go through to interact with Twitter via Spring's social provider API.

https://docs.spring.io/spring-social-twitter/docs/current/reference/htmlsingle/

https://developer.twitter.com/en/docs/basics/authentication/api-reference/token

Quartermaster answered 25/7, 2020 at 17:11 Comment(0)
