79178129

Date: 2024-11-11 15:04:19
Score: 1

I managed to retrieve the access token by changing the redirect URI to

    .redirectUri("http://localhost:8082/login/oauth2/code/discord")

Because in AbstractAuthenticationProcessingFilter's doFilter:

    if (!this.requiresAuthentication(request, response)) {
        chain.doFilter(request, response);
    } else {
        try {
            Authentication authenticationResult = this.attemptAuthentication(request, response);

So the OAuth2LoginAuthenticationFilter's attemptAuthentication would only be executed if the

    protected boolean requiresAuthentication(HttpServletRequest request, HttpServletResponse response) {
        if (this.requiresAuthenticationRequestMatcher.matches(request)) {
            return true;
        }

matcher returns true, which happens if:

    public boolean matches(HttpServletRequest request) {
        if (this.httpMethod != null && StringUtils.hasText(request.getMethod()) && this.httpMethod != HttpMethod.valueOf(request.getMethod())) {
            return false;
        } else if (this.pattern.equals("/**")) {
            return true;
        } else {
            String url = this.getRequestPath(request);
            return this.matcher.matches(url);
        }
    }

I'm not sure what /** means, but for any URL other than /login/oauth2/code/* false was returned for me.

Now I wonder how do I change the configuration, so that the grant code would get accepted by any redirect URL?

Reasons:
  • Blacklisted phrase (1): how do I
  • Long answer (-1):
  • Has code block (-0.5):
  • Ends in question mark (2):
  • Self-answer (0.5):
  • High reputation (-1):
Posted by: parsecer
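
The /login/oauth2/code/* pattern seen in the post is the default callback pattern of OAuth2LoginAuthenticationFilter, and Spring Security lets the application move it with redirectionEndpoint().baseUri(). The following is an added example, not part of the original post; it assumes Spring Security 6.x, a client registration with id "discord" defined elsewhere, and /oauth/callback/* as a hypothetical callback path.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

// Added example (not from the original post). The path "/oauth/callback/*"
// is hypothetical; pick one fixed pattern for your application.
@Configuration
@EnableWebSecurity
public class OAuth2LoginSecurityConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(authorize -> authorize
                .anyRequest().authenticated())
            .oauth2Login(oauth2 -> oauth2
                // Replaces the default "/login/oauth2/code/*" pattern that
                // OAuth2LoginAuthenticationFilter matches callbacks against.
                // The trailing "*" stands for the registration id ("discord").
                .redirectionEndpoint(redirection -> redirection
                    .baseUri("/oauth/callback/*")));

        // The ClientRegistration (assumed to be defined elsewhere) must use a
        // redirect URI that falls under the same pattern, for example:
        //   .redirectUri("{baseUrl}/oauth/callback/{registrationId}")
        // and the same URI has to be registered with the provider.
        return http.build();
    }
}
```

The pattern stays specific on purpose: the filter treats every request that matches it as an authorization response, and the provider only redirects to URIs registered for the client.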