java - Redirect URL for Spring OAuth2 app on Azure with Active Directory: Invalid Redirect URI Parameter

Question

I am following the following two tutorials of the Azure documentation: https://docs.microsoft.com/en-us/azure/java/spring-framework/deploy-spring-boot-java-app-with-maven-plugin which shows how to deploy a simple Spring Boot application to Azure and https://docs.microsoft.com/en-us/azure/java/spring-framework/configure-spring-boot-starter-java-app-with-azure-active-directory to set up and use an active directory as OAuth2 server with a Spring Security OAuth2 Client. Basically I just add the OAuth2 dependencies to Maven, a WebSecurityConfig class as shown in the second document and additionally also the azure.activedirectoy and spring.security properties.

When the application is just run from my local computer the login and redirection works fine. But when the application is deployed to Azure, I get an application error saying: Invalid Redirect URI Parameter. I think I have set the redirect-uri correctly as

https://{baseHost}{basePort}{basePath}/login/oauth2/code/azure

in the application properties as well as in the application registration with my Active Directory.

As far as I can see the authorization request uses the right parameters:

response_type: code
client_id: 4b5fbcfd-c35f-4bab-bc45-374c7e1dead8
scope: openid https://graph.microsoft.com/user.read
state: yMvo62R-6vgjETSGr_mnh4iIMZimVnFYZRyiGFaOPtE=
redirect_uri: https://myappname.azurewebsites.net/login/oauth2/code/azure
nonce: FUXJ5GoJ2NuNVx2ORU70YCqnJkEj8FRYHEJYMutEQzo

So, what could the Invalid Redirect URI Parameter be, and how can I change this?

Answer 1

I followed these two tutorials, it works fine on local environment, on Azure webapp, I encountered redirect url mismatch error.

The cause is that the redirect_uri is always started with http. After adding server.forward-headers-strategy=native in applications.properties, it works. (I am using spring boot 2.2)

Here is the pom.xml for your reference.

<?xml version="1.0" encoding="UTF-8"?>

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">  
  <modelVersion>4.0.0</modelVersion>  
  <parent> 
    <groupId>org.springframework.boot</groupId>  
    <artifactId>spring-boot-starter-parent</artifactId>  
    <version>2.2.4.RELEASE</version>  
    <relativePath/>  
    <!-- lookup parent from repository --> 
  </parent>  
  <groupId>com.example.ad</groupId>  
  <artifactId>ad</artifactId>  
  <version>0.0.1-SNAPSHOT</version>  
  <name>ad</name>  
  <description>Demo project for Spring Boot</description>  
  <properties> 
    <java.version>1.8</java.version>  
    <azure.version>2.2.0</azure.version> 
  </properties>  
  <dependencies> 
    <dependency> 
      <groupId>org.springframework.boot</groupId>  
      <artifactId>spring-boot-starter-security</artifactId> 
    </dependency>  
    <dependency> 
      <groupId>org.springframework.boot</groupId>  
      <artifactId>spring-boot-starter-web</artifactId> 
    </dependency>  
    <dependency> 
      <groupId>com.microsoft.azure</groupId>  
      <artifactId>azure-active-directory-spring-boot-starter</artifactId> 
    </dependency>  
    <dependency> 
      <groupId>org.springframework.boot</groupId>  
      <artifactId>spring-boot-starter-test</artifactId>  
      <scope>test</scope>  
      <exclusions> 
        <exclusion> 
          <groupId>org.junit.vintage</groupId>  
          <artifactId>junit-vintage-engine</artifactId> 
        </exclusion> 
      </exclusions> 
    </dependency>  
    <dependency> 
      <groupId>org.springframework.security</groupId>  
      <artifactId>spring-security-test</artifactId>  
      <scope>test</scope> 
    </dependency>  
    <dependency> 
      <groupId>org.springframework.security</groupId>  
      <artifactId>spring-security-oauth2-client</artifactId> 
    </dependency>  
    <dependency> 
      <groupId>org.springframework.security</groupId>  
      <artifactId>spring-security-oauth2-jose</artifactId> 
    </dependency> 
  </dependencies>  
  <dependencyManagement> 
    <dependencies> 
      <dependency> 
        <groupId>com.microsoft.azure</groupId>  
        <artifactId>azure-spring-boot-bom</artifactId>  
        <version>${azure.version}</version>  
        <type>pom</type>  
        <scope>import</scope> 
      </dependency> 
    </dependencies> 
  </dependencyManagement>  
  <build> 
    <plugins> 
      <plugin> 
        <groupId>org.springframework.boot</groupId>  
        <artifactId>spring-boot-maven-plugin</artifactId> 
      </plugin>  
      <plugin> 
        <groupId>com.microsoft.azure</groupId>  
        <artifactId>azure-webapp-maven-plugin</artifactId>  
        <version>1.9.0</version>  
        <configuration>
          <schemaVersion>V2</schemaVersion>
          <resourceGroup>ad-1582615028467-rg</resourceGroup>
          <appName>ad-1582615028467</appName>
          <pricingTier>P1v2</pricingTier>
          <region>westeurope</region>
          <runtime>
            <os>linux</os>
            <javaVersion>jre8</javaVersion>
            <webContainer>jre8</webContainer>
          </runtime>
            <appSettings>
                <property>
                    <name>JAVA_OPTS</name>
                    <value>-Dserver.port=80</value>
                </property>
            </appSettings>
          <deployment>
            <resources>
              <resource>
                <directory>${project.basedir}/target</directory>
                <includes>
                  <include>*.jar</include>
                </includes>
              </resource>
            </resources>
          </deployment>
        </configuration>
      </plugin> 
    </plugins> 
  </build> 
</project>