Getting [invalid_id_token] Missing (required) ID Token in Token Response for Client Registration: github
I'm using Spring Boot and OAuth2 to authenticate on my application, using GitHub for now. If I use the scope oidc in application.properties, the process works fine and GitHub is used for the login.
My issue is that I want/need to use scope openid to get the id_token. When I change my application.properties to
```
spring.security.oauth2.client.registration.github.scope=openid
```
I start getting this error as the response from login:
```
[invalid_id_token] Missing (required) ID Token in Token Response for Client Registration: github
```
I still get the http://localhost:8080/login/oauth2/code/github?code=ABC&state=CDE but right after that, the error shows up.
My security class is:
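```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // URL-based authorization, with form login and OAuth2 login both enabled
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/admin").hasRole("ADMIN")
                .antMatchers("/user").hasRole("USER")
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .and()
            .oauth2Login();
    }

    // In-memory users for the form login
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
            .withUser("springuser").password(passwordEncoder().encode("spring123")).roles("USER")
            .and()
            .withUser("springadmin").password(passwordEncoder().encode("admin123"))
            .roles("ADMIN", "USER");
    }

    // passwordEncoder() was not included in the post; BCrypt is assumed here
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}
```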
Any clue on what I should look into?
Thanks in advance.
Solution 1:[1]
This
```
spring.security.oauth2.client.registration.github.scope=openid
```
activates OpenID Connect authentication, which is built on top of OAuth2. But that's no longer just OAuth2, as it requires that token. If OAuth2 is what you want, just remove the above line.
Yes, it's just confusing, and that's probably why folks avoid OIDC.
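The check behind this error, as an added example that is not part of the original answers and is not Spring Security's own code: once `openid` is among the requested scopes, the client treats the login as OpenID Connect and rejects a token response that has no `id_token`, even though the authorization code redirect already succeeded. The class name, method name and sample token responses are constructed for illustration.

```java
import java.util.Map;
import java.util.Optional;
import java.util.Set;

// Simplified model of the client-side check (hypothetical helper, not a Spring class).
public class IdTokenCheck {

    // Returns the error an OIDC-aware client would raise, or empty if login can proceed.
    static Optional<String> check(String registrationId, Set<String> requestedScopes,
                                  Map<String, String> tokenResponse) {
        if (!tokenResponse.containsKey("access_token")) {
            return Optional.of("token response carries no access_token");
        }
        // Plain OAuth2: "openid" was not requested, so no ID token is expected.
        if (!requestedScopes.contains("openid")) {
            return Optional.empty();
        }
        // OIDC: the token response must carry an id_token next to the access token.
        String idToken = tokenResponse.get("id_token");
        if (idToken == null || idToken.isBlank()) {
            return Optional.of("[invalid_id_token] Missing (required) ID Token in Token Response"
                    + " for Client Registration: " + registrationId);
        }
        // A signed JWT has three dot-separated parts; a real client goes on to verify
        // the signature and the iss, aud, exp and nonce claims before trusting it.
        if (idToken.split("\\.", -1).length != 3) {
            return Optional.of("id_token is not a three-part JWT");
        }
        return Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed sample token responses; all token values are placeholders.
        Map<String, String> accessTokenOnly = Map.of(
                "access_token", "PLACEHOLDER_ACCESS_TOKEN", "token_type", "bearer");
        Map<String, String> withIdToken = Map.of(
                "access_token", "PLACEHOLDER_ACCESS_TOKEN", "token_type", "Bearer",
                "id_token", "HEADER.PAYLOAD.SIGNATURE");

        // scope=openid against a provider that returns only an access token: rejected
        System.out.println(check("github", Set.of("openid"), accessTokenOnly));
        // same response with a non-OIDC scope: accepted as plain OAuth2
        System.out.println(check("github", Set.of("read:user"), accessTokenOnly));
        // provider that returns an id_token: accepted as OIDC
        System.out.println(check("google", Set.of("openid", "profile"), withIdToken));
    }
}
```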
Solution 2:[2]
I got it working!
Turns out the issue wasn't in the code. The problem was somehow in the GitHub OAuth2 credentials. When I used a token/secret generated by Google Credentials, I didn't have to change anything else besides the application.properties.
The mystery about the GitHub login still remains, since there's not much data on the token register to be changed.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | jalmasi |
| Solution 2 | Romulo Diniz |
