Azure OAuth throws an Invalid Credentials error in production but works locally.

Thalha 0 Reputation points
2025-02-11T11:56:46.0133333+00:00

Hello, this is my current spring boot security config.

package com.example.emp_management.config;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.Arrays;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
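/**
 * Spring Security configuration for a browser login through the OAuth2 client
 * (Microsoft Entra ID / Azure AD is the provider named in the properties).
 *
 * <p>Every request requires an authenticated session. After a successful login the
 * browser is sent to the configured front-end URL; on logout the local session is
 * invalidated and the browser is sent to the tenant's v2.0 logout endpoint.
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig {
    /** Tenant id used to build the tenant-specific logout endpoint. */
    @Value("${azure.tenant-id}")
    private String tenantId;
    /** Front-end URL the browser is redirected to after a successful login. */
    @Value("${ipro.login.redirect-uri}")
    private String loginRedirectUri;
    /** URL passed to the provider as {@code post_logout_redirect_uri}. */
    @Value("${ipro.logout.redirect-uri}")
    private String logoutRedirectUri;
    /** Front-end home page; also the only origin allowed by the CORS policy. */
    @Value("${ipro.homepage-url}")
    private String iproHomePageUrl;

    /**
     * Builds the single filter chain: CORS, authenticated-only access, OAuth2 login
     * with a fixed post-login redirect, and logout through the provider.
     *
     * @param http the builder supplied by Spring Security
     * @return the configured filter chain
     * @throws Exception if the chain cannot be built
     */
    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
                // NOTE(review): CSRF protection is switched off while the login state is carried
                // by the JSESSIONID cookie and the CORS policy below allows credentials.
                // State-changing endpoints then rely only on the browser's CORS/SameSite
                // behaviour; consider re-enabling CSRF tokens (for a SPA, e.g. a cookie-based
                // token repository) before this runs in production.
                .csrf(csrf -> csrf.disable())
                .cors(cors -> cors.configurationSource(corsConfigurationSource()))
                .authorizeRequests(auth -> auth
                        .anyRequest().authenticated())
                // No failureHandler is set, so a failed login falls back to the framework's
                // default failure handling; the OAuth2 error itself has to be read from the
                // server log.
                .oauth2Login(oauth2 -> oauth2
                        .successHandler(new AuthenticationSuccessHandler() {
                            @Override
                            public void onAuthenticationSuccess(HttpServletRequest request,
                                    HttpServletResponse response,
                                    Authentication authentication) throws IOException, ServletException {
                                // The target comes from configuration, never from the request,
                                // so the redirect cannot be steered by a caller.
                                response.sendRedirect(loginRedirectUri);
                            }
                        }))
                .logout(logout -> logout
                        .logoutSuccessHandler(azureLogoutSuccessHandler())
                        .deleteCookies("JSESSIONID")
                        .invalidateHttpSession(true));
        return http.build();
    }

    /**
     * Creates the handler that, after local logout, redirects the browser to the
     * tenant's v2.0 logout endpoint.
     *
     * @return a handler whose target URL carries the post-logout redirect as a query value
     */
    private LogoutSuccessHandler azureLogoutSuccessHandler() {
        SimpleUrlLogoutSuccessHandler handler = new SimpleUrlLogoutSuccessHandler();
        // The redirect URI is itself a URL; encode it so that any '&', '#' or '?' in the
        // configured value stays inside the post_logout_redirect_uri parameter.
        handler.setDefaultTargetUrl(
                "https://login.microsoftonline.com/" + tenantId
                        + "/oauth2/v2.0/logout?post_logout_redirect_uri="
                        + encodeQueryValue(logoutRedirectUri));
        return handler;
    }

    /**
     * CORS policy applied to every path: the front-end origin only, with credentials.
     *
     * <p>The identity provider is intentionally not listed. An origin is
     * {@code scheme://host[:port]} with no path, so an entry such as
     * {@code https://login.microsoftonline.com/**} can never equal an {@code Origin}
     * header, and the sign-in redirect is a browser navigation rather than a
     * cross-origin script call (assumes the default query response mode; confirm).
     *
     * @return the CORS configuration source used by the filter chain
     */
    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration config = new CorsConfiguration();
        // Browsers send the Origin header without a trailing slash, while the configured
        // home page URL may end with one; normalise it so the comparison can succeed.
        config.setAllowedOrigins(Arrays.asList(stripTrailingSlash(iproHomePageUrl)));
        config.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS"));
        config.setAllowedHeaders(Arrays.asList("*"));
        // Credentials are allowed, so the origin list above must stay explicit.
        config.setAllowCredentials(true);
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", config);
        return source;
    }

    /** Percent-encodes a value for use as a single query-string parameter value. */
    private static String encodeQueryValue(String value) {
        try {
            return URLEncoder.encode(value, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is a mandatory charset on every JVM, so this is unreachable in practice.
            throw new IllegalStateException("UTF-8 is not available", e);
        }
    }

    /** Removes trailing '/' characters so a URL can be compared with an Origin header. */
    private static String stripTrailingSlash(String url) {
        String result = url;
        while (result != null && result.endsWith("/")) {
            result = result.substring(0, result.length() - 1);
        }
        return result;
    }
}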

and my properties file looks like this


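spring:
  security:
    oauth2:
      client:
        provider:
          azure:
            # Tenant-specific v2.0 issuer; the client discovers the provider endpoints from it.
            issuer-uri: https://login.microsoftonline.com/xxxxxxxx/v2.0
            # Indented with spaces: YAML does not accept tab characters as indentation.
            user-name-attribute: name
        registration:
          # The registration id ("azure-dev") is the last path segment of the redirect URI below.
          azure-dev:
            provider: azure
            client-id: xxxxxxxxxxxxxxxxxxxxxxxxxxxx
            # Keep the real secret out of version control; supply it from the environment
            # or a secret store at deploy time.
            client-secret: xxxxxxxxxxxxxxxxxxxxxxxx
            # Must match a redirect URI registered on the app registration exactly
            # (scheme, host, port and path, including the /api prefix).
            # NOTE(review): in production this should be the public https URL. If TLS ends at a
            # proxy, confirm the application still sees the public scheme and host.
            redirect-uri: http://localhost:8082/api/login/oauth2/code/azure-dev
            scope:
              - openid
              - email
              - profile
azure:
    tenant-id: xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
ipro:
  # Also used as the allowed CORS origin by SecurityConfig.
  homepage-url: http://localhost:3000/
  login:
    redirect-uri: http://localhost:3000/dashboard
  logout:
    # NOTE(review): presumably this must also be registered with the provider for the
    # post-logout redirect to be honoured; confirm in the app registration.
    redirect-uri: http://localhost:3000/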


In production I replaced localhost with the domain name, and I also updated the redirect URL in the Authentication section of the app in Azure AD.

But once I enter my credentials to log in, it redirects me to this page:

User's image

the url is like --> https://[domain]/api/login?error

I couldn't figure out the cause. Please help.
