Menu
I want to add Twitter oAuth2 to my application. Earlier I added Facebook and google with success - I didn't have to add provider.
When i try to add twitter data to application.properties file and run server i get error:
Error starting Tomcat context. Exception: org.springframework.beans.factory.UnsatisfiedDependencyException. Message: Error creating bean with name 'securityConfig': Unsatisfied dependency expressed through method 'setContentNegotationStrategy' parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration$EnableWebMvcConfiguration': Unsatisfied dependency expressed through method 'setConfigurers' parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springframework.security.config.annotation.web.configuration.OAuth2ClientConfiguration$OAuth2ClientWebMvcSecurityConfiguration': Unsatisfied dependency expressed through method 'setClientRegistrationRepository' parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springframework.boot.autoconfigure.security.oauth2.client.servlet.OAuth2ClientRegistrationRepositoryConfiguration': Unsatisfied dependency expressed through constructor parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'spring.security.oauth2.client-org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties': Invocation of init method failed; nested exception is java.lang.IllegalStateException: Client id must not be empty.
This is my configuration:
spring.security.oauth2.client.registration.facebook.clientId=<SECRET>
spring.security.oauth2.client.registration.facebook.clientSecret=<SECRET>
spring.security.oauth2.client.registration.facebook.redirect-uri=http://localhost:8080/oauth2/callback/facebook
spring.security.oauth2.client.registration.facebook.scope=public_profile email
spring.security.oauth2.client.registration.twitter.clientId=<SECRET>
spring.security.oauth2.client.registration.twitter.clientSecret=<SECRET>
spring.security.oauth2.client.registration.twitter.redirect-uri=http://localhost:8080/oauth2/callback/twitter
spring.security.oauth2.client.registration.twitter.provider=twitter
spring.security.oauth2.client.registration.twitter.authorization-grant-type=token
spring.security.oauth2.client.provider.twitter.token-uri=https://api.twitter.com/oauth/token
spring.security.oauth2.client.provider.twitter.authorization-uri=https://api.twitter.com/oauth/authorize
spring.security.oauth2.client.provider.twitter.user-info-uri=https://api.twitter.com/oauth/request_token
I add client ID so where is problem. And I hope I correct add oauth urls to configuration.
@Update I found problem :) Typo in here:
spring.security.oauth2.client.registration.twiter.authorization-grant-type=token
@UPDATE Now i have another problem, this is my configuration:
spring.security.oauth2.client.registration.twitter.client-id=<SECRET>
spring.security.oauth2.client.registration.twitter.clientSecret=<SECRET>
spring.security.oauth2.client.registration.twitter.redirect-uri=http://localhost:8080/oauth2/callback/twitter
spring.security.oauth2.client.registration.twitter.authorization-grant-type=authorization_code
spring.security.oauth2.client.provider.twitter.token-uri=https://api.twitter.com/oauth/access_token
spring.security.oauth2.client.provider.twitter.authorization-uri=https://api.twitter.com/oauth/authorize
And after i call: http://127.0.0.1:8080/oauth2/authorization/twitter i see this:
683
For the latest stable version, please use Spring Security 5.7.2! The OAuth 2.0 Client features provide support for the Client role as defined in the OAuth 2.0 Authorization Framework. The HttpSecurity.oauth2Client () DSL provides a number of configuration options for customizing the core components used by OAuth 2.0 Client.
Twitter does not support Oauth 2.0 flows involving user. It only supports the application only OAuth 2.0 Bearer Token: OAuth 2.0 Bearer Token is the application-only authentication method for authenticating with the Twitter API. As this method is specific to the application, it does not involve any users
The OAuth2AuthorizedClientManager is responsible for managing the authorization (or re-authorization) of an OAuth 2.0 Client, in collaboration with one or more OAuth2AuthorizedClientProvider (s). ClientRegistration is a representation of a client registered with an OAuth 2.0 or OpenID Connect 1.0 Provider.
For checking oauth tokens, Spring Security oauth exposes two endpoints – /oauth/check_token and /oauth/token_key. These endpoints are protected by default behind denyAll (). tokenKeyAccess () and checkTokenAccess () methods open these endpoints for use.
Your question is about using oauth2 client with Twitter and is not possible. Twitter does not support Oauth 2.0 flows involving user.
It only supports the application only OAuth 2.0 Bearer Token:
OAuth 2.0 Bearer Token is the application-only authentication method for authenticating with the Twitter API. As this method is specific to the application, it does not involve any users
https://developer.twitter.com/en/docs/basics/authentication/oauth-2-0
For flows involving end user, it uses Oauth 1.0a https://developer.twitter.com/en/docs/basics/authentication/oauth-1-0a
As you can see in the diagram below, Oauth 1.0a flow, your application first needs to talk to Authorisation Server to get a request token and pass that token when redirecting the user to authorisation server. And it is the token, that twitter is complaining as missing because it is Oauth 1.0a. I.e you are doing step B without step A.
Diagram Reference
https://oauth.net/core/1.0/
155
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
