issue (and fix) for facebook login #2

Open
gcloeval opened this issue Dec 17, 2018 · 8 comments

@gcloeval

hey thanks a lot man, such a nice and clean example, it worked really well.

i had an issue with facebook login throwing
[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource: Could not extract response: no suitable HttpMessageConverter found for response type [java.util.Map<java.lang.String, java.lang.Object>] and content type [text/javascript;charset=UTF-8]

here is the fix in case you or other people want to patch:

this is documented here:
spring-projects/spring-security#6017

so the fix is also described in that link, but to summarize:

  1. enable use of snapshot builds so you can get the latest not yet released version of spring security:
    add the following additional repository in pom:

    <repository>
        <id>spring-snapshot</id>
        <name>Spring Snapshot Repository</name>
        <url>https://repo.spring.io/snapshot</url>
    </repository>

  2. now you can use a release of spring security 5.1.2 snapshot that fixes this:

Add the following PROPERTY:

<spring-security.version>5.1.2.BUILD-SNAPSHOT</spring-security.version>

Here is the full reference of my pom that fixed that issue:


<modelVersion>4.0.0</modelVersion>

<groupId>com.example</groupId>
<artifactId>spring-social</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>jar</packaging>

<name>oauth2-demo</name>
<description>Demo project for Spring Boot</description>

<parent>
	<groupId>org.springframework.boot</groupId>
	<artifactId>spring-boot-starter-parent</artifactId>
	<version>2.1.0.RELEASE</version>
	<relativePath/>
	<!-- lookup parent from repository -->
</parent>

<properties>
	<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
	<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
	<java.version>1.8</java.version>
	<spring-security.version>5.1.2.BUILD-SNAPSHOT</spring-security.version>
</properties>

<dependencies>
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-security</artifactId>
	</dependency>
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-web</artifactId>
	</dependency>
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-data-jpa</artifactId>
	</dependency>

	<dependency>
		<groupId>org.springframework.security</groupId>
		<artifactId>spring-security-oauth2-client</artifactId>
	</dependency>

	<dependency>
		<groupId>mysql</groupId>
		<artifactId>mysql-connector-java</artifactId>
		<scope>runtime</scope>
	</dependency>
	<dependency>
		<groupId>io.jsonwebtoken</groupId>
		<artifactId>jjwt</artifactId>
		<version>0.5.1</version>
	</dependency>
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-test</artifactId>
		<scope>test</scope>
	</dependency>
	<dependency>
		<groupId>org.springframework.security</groupId>
		<artifactId>spring-security-test</artifactId>
		<scope>test</scope>
	</dependency>
</dependencies>

<build>
	<plugins>
		<plugin>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-maven-plugin</artifactId>
		</plugin>
	</plugins>
</build>

<repositories>
	<repository>
		<id>spring-milestones</id>
		<name>Spring Milestones</name>
		<url>https://repo.spring.io/milestone</url>
		<snapshots>
			<enabled>false</enabled>
		</snapshots>
	</repository>
	<repository>
		<id>spring-snapshot</id>
		<name>Spring Snapshot Repository</name>
		<url>https://repo.spring.io/snapshot</url>
	</repository>
</repositories>
@khiemnd5

khiemnd5 commented Jun 7, 2019

<3

@sellum

sellum commented Aug 8, 2019

@khiemnd5 I can't make it work. Can you tell me if it's still working, please?
I use the same pom.xml as @gcloeval.

Thank you !

@maiconcarraro

maiconcarraro commented Aug 25, 2019

@sellum The problem is related to "Strict mode" on Facebook login: since we defined "redirectUriTemplate", it makes requests using http (without https) and Facebook blocks them.

server.use-forward-headers=true did the trick for me

on SecurityConfig.java

-                .antMatchers("/auth/**", "/oauth2/**")
+                .antMatchers("/auth/**", "/oauth2/**", "/login/**")
                ...
-                .baseUri("/oauth2/authorize")
+                .baseUri("/login/oauth2/authorize")
                ...
-                .baseUri("/oauth2/callback/*")
+                .baseUri("/login/oauth2/code/*")
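
Review bot: the "/login/**" pattern added to the antMatchers line is wider than the two paths this change introduces ("/login/oauth2/authorize" and "/login/oauth2/code/*"). Narrowing it to "/login/oauth2/**" keeps the rule limited to the OAuth2 endpoints, so any other handler later mapped under /login does not silently inherit whatever access rule follows this matcher.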

on application.yaml, remove redirectUriTemplate and add server.use-forward-headers

-              redirectUriTemplate: "{baseUrl}/oauth2/callback/{registrationId}" (both)
.....
+server:
+  use-forward-headers: true
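
Review bot: use-forward-headers: true makes the application take the request scheme from X-Forwarded-* headers, and nothing in this change states which proxy is expected to set them. Add a comment next to the setting saying it is meant for deployments where the app port is reachable only through that proxy, because a client that connects to the app directly can supply those headers itself and so influence the generated redirect URI.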

you need to update React's constants src\constants\index.js

+ export const GOOGLE_AUTH_URL =
  API_BASE_URL + "/login/oauth2/authorize/google?redirect_uri=" + OAUTH2_REDIRECT_URI;
+ export const FACEBOOK_AUTH_URL =
  API_BASE_URL +
  "/login/oauth2/authorize/facebook?redirect_uri=" +
  OAUTH2_REDIRECT_URI;

and I used ngrok to tunnel https (localhost)

@sopnopriyo

@maiconcarraro , can you please share a working example for the Facebook login?

@vasanthkumar22

Using this in the pom.xml should fix the issue

<spring-security.version>5.2.0.RELEASE</spring-security.version>

@sopnopriyo

Those who are using an nginx reverse proxy can add the following to their application.yml

server:
    forward-headers-strategy: native

and your nginx configuration should be

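location / {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # passes on the X-Forwarded-Proto value nginx received (e.g. from a load balancer in front of it);
    # if nginx itself terminates TLS, $scheme is the value to send instead
    proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
    proxy_set_header Host $host;
    proxy_pass http://localhost:8080; # if your spring boot runs at port 8080
}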
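
How the forward-header setting from the two comments above changes the redirect URI, as an added example that is not part of the thread and not Spring Security's own code. The `redirectUri` helper and its `useForwardHeaders` flag are hypothetical stand-ins for the setting; the loopback proxy addresses and the host `app.example.test` are assumptions.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

// Added illustration, not Spring Security's implementation: the scheme of the
// redirect URI depends on whether X-Forwarded-Proto is honoured, and from whom.
public class RedirectUriBehindProxy {

    // Assumption: the reverse proxy (nginx or a local tunnel agent) connects from loopback.
    static final List<String> TRUSTED_PROXIES = Arrays.asList("127.0.0.1", "::1");

    // Hypothetical helper modelling {baseUrl}/login/oauth2/code/{registrationId}.
    static String redirectUri(boolean useForwardHeaders, String remoteAddr,
                              Map<String, String> headers, String registrationId) {
        String scheme = "http"; // the app itself listens on plain HTTP, e.g. port 8080
        String proto = headers.get("X-Forwarded-Proto");
        boolean fromProxy = TRUSTED_PROXIES.contains(remoteAddr);
        // Accept the header only from the proxy, and only the two valid values.
        if (useForwardHeaders && fromProxy
                && ("http".equals(proto) || "https".equals(proto))) {
            scheme = proto;
        }
        return scheme + "://" + headers.get("Host")
                + "/login/oauth2/code/" + registrationId;
    }

    public static void main(String[] args) {
        // Constructed request headers as the proxy would forward them.
        Map<String, String> viaProxy = new HashMap<>();
        viaProxy.put("Host", "app.example.test");
        viaProxy.put("X-Forwarded-Proto", "https");

        // 1. Forward headers ignored: the failing setup described in this thread.
        System.out.println(redirectUri(false, "127.0.0.1", viaProxy, "facebook"));
        // 2. Forward headers honoured for a request arriving through the proxy.
        System.out.println(redirectUri(true, "127.0.0.1", viaProxy, "facebook"));
        // 3. Same headers sent straight to the app port from another address.
        System.out.println(redirectUri(true, "203.0.113.7", viaProxy, "facebook"));
    }
}
```

Only the second call yields an https redirect URI; the third shows why the application port should not be reachable except through the proxy when forwarded headers are enabled.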

@ghassen1khalil

I finally succeeded in resolving this problem thanks to @Grauzone's pull request.
You must add these methods in your SecurityConfig class:

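    // Imports needed at the top of SecurityConfig.java:
    // import java.util.ArrayList;
    // import java.util.List;
    // import org.springframework.http.MediaType;
    // import org.springframework.http.converter.AbstractHttpMessageConverter;
    // import org.springframework.http.converter.HttpMessageConverter;
    // import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
    // import org.springframework.security.oauth2.client.http.OAuth2ErrorResponseErrorHandler;
    // import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
    // import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
    // import org.springframework.security.oauth2.core.user.OAuth2User;
    // import org.springframework.web.client.RestTemplate;

    // Returns the custom user service, configured with a RestTemplate that accepts Facebook's content type.
    private OAuth2UserService<OAuth2UserRequest, OAuth2User> oauth2UserService() {
        RestTemplate restTemplate = new RestTemplate();
        restTemplate.setErrorHandler(new OAuth2ErrorResponseErrorHandler());
        enhanceJsonMessageConverter(restTemplate);
        customOAuth2UserService.setRestOperations(restTemplate);
        return customOAuth2UserService;
    }

    private void enhanceJsonMessageConverter(RestTemplate restTemplate) {
        // NOTE:
        // Facebook's UserInfo API -> https://graph.facebook.com/me
        // returns "text/javascript; charset=UTF-8" for the "content-type" response header
        // even though the content is JSON. This is not correct and should be reported to Facebook to fix.
        //
        // This is a temporary workaround that adds "text/javascript; charset=UTF-8"
        // as a supported MediaType in MappingJackson2HttpMessageConverter,
        // which is used to convert the UserInfo response to a Map.

        HttpMessageConverter<?> jsonMessageConverter = restTemplate.getMessageConverters().stream()
                .filter(c -> c instanceof MappingJackson2HttpMessageConverter)
                .findFirst()
                .orElse(null);

        if (jsonMessageConverter == null) {
            return;
        }

        List<MediaType> supportedMediaTypes = new ArrayList<>(jsonMessageConverter.getSupportedMediaTypes());
        supportedMediaTypes.add(MediaType.valueOf("text/javascript;charset=UTF-8"));
        ((AbstractHttpMessageConverter<?>) jsonMessageConverter).setSupportedMediaTypes(supportedMediaTypes);
    }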

And then replace .userService(customOAuth2UserService) with .userService(oauth2UserService())

@naabin

naabin commented Apr 12, 2020

Once I get past the Facebook page, I get this error. Has anyone come across this issue?

java.lang.IllegalArgumentException: Illegal base64 character 2e
    at java.util.Base64$Decoder.decode0(Base64.java:714)
    at java.util.Base64$Decoder.decode(Base64.java:526)
    at com.reservation.securityconfig.oauth.CookieUtils.deserialize(CookieUtils.java:56)
    at com.reservation.securityconfig.oauth.HttpCookieOAuth2AuthoriationRequestRepository.lambda$0(HttpCookieOAuth2AuthoriationRequestRepository.java:22)
    at java.util.Optional.map(Optional.java:215)
    at com.reservation.securityconfig.oauth.HttpCookieOAuth2AuthoriationRequestRepository.loadAuthorizationRequest(HttpCookieOAuth2AuthoriationRequestRepository.java:22)
    at com.reservation.securityconfig.oauth.HttpCookieOAuth2AuthoriationRequestRepository.removeAuthorizationRequest(HttpCookieOAuth2AuthoriationRequestRepository.java:45)
    at org.springframework.security.oauth2.client.web.AuthorizationRequestRepository.removeAuthorizationRequest(AuthorizationRequestRepository.java:83)
    at org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter.attemptAuthentication(OAuth2LoginAuthenticationFilter.java:160)
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
    at org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter.doFilterInternal(OAuth2AuthorizationRequestRedirectFilter.java:160)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
    at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:92)
    at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:77)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
    at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at com.reservation.securityconfig.RequestFilter.doFilter(RequestFilter.java:37)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:526)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1579)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:748)
