Spring App With Keycloak - authorization request not found error

Securing applications
1

Hello, I am currently developing a spring app that integrates keycloak for user authentication. I have set up a realm along with a client so that the authentication runs successfully when manually fetching token via postman and then using it to access endpoints. However, when I try to login via browser I get [authorization_request_not_found] after the login page.

image
image1423×691 9.62 KB

This is my application.properties setup:

spring.main.banner-mode=off

spring.datasource.url=${DATASOURCE_URL}
spring.datasource.username=${POSTGRES_USER}
spring.datasource.password=${POSTGRES_PASSWORD}

spring.jpa.properties.hibernate.default_schema=public
spring.jpa.show-sql=false
spring.jpa.hibernate.ddl-auto=none

spring.data.rest.base-path=api/

spring.liquibase.change-log=classpath:changelog-master.xml

spring.thymeleaf.prefix=classpath:/templates/
spring.thymeleaf.suffix=.html
spring.thymeleaf.cache=false

spring.security.oauth2.resourceserver.jwt.jwk-set-uri=${KEYCLOAK_URL}/realms/${KEYCLOAK_REALM}/protocol/openid-connect/certs

jwt.auth.converter.resource-id=${KEYCLOAK_RESOURCE}
jwt.auth.converter.principal-attribute=preferred_username

spring.security.oauth2.client.registration.keycloak.client-id=${KEYCLOAK_RESOURCE}
spring.security.oauth2.client.registration.keycloak.client-secret=${KEYCLOAK_SECRET}
spring.security.oauth2.client.registration.keycloak.scope=openid,profile,email
spring.security.oauth2.client.registration.keycloak.authorization-grant-type=authorization_code
spring.security.oauth2.client.registration.keycloak.redirect-uri={baseUrl}/login/oauth2/code/{registrationId}
spring.security.oauth2.client.registration.keycloak.provider=keycloak
spring.security.oauth2.client.provider.keycloak.token-uri=${KEYCLOAK_URL}/realms/${KEYCLOAK_REALM}/protocol/openid-connect/token
spring.security.oauth2.client.provider.keycloak.authorization-uri=${KEYCLOAK_URL}/realms/${KEYCLOAK_REALM}/protocol/openid-connect/auth
spring.security.oauth2.client.provider.keycloak.user-info-uri=${KEYCLOAK_URL}/realms/${KEYCLOAK_REALM}/protocol/openid-connect/userinfo
spring.security.oauth2.client.provider.keycloak.jwk-set-uri=${KEYCLOAK_URL}/realms/${KEYCLOAK_REALM}/protocol/openid-connect/certs
spring.security.oauth2.client.provider.keycloak.user-name-attribute=preferred_username

And my Spring security config:

@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
@Slf4j
public class SecurityConfig {

    private static final String PROFILE_FORM_URL = "/profile_form";

    private static final String VIEW_JOBS_URL = "/view_jobs";

    private final JwtConverter jwtConverter;

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests((authorize) -> authorize
                        .requestMatchers(HttpMethod.GET, PROFILE_FORM_URL).permitAll()
                        .requestMatchers(HttpMethod.POST, PROFILE_FORM_URL).permitAll()
                        .requestMatchers(HttpMethod.GET, VIEW_JOBS_URL).hasRole(Role.ADMIN.getName())
                        .anyRequest().authenticated()
                );
        http.oauth2Login(Customizer.withDefaults());
        http.oauth2ResourceServer(oauth2 -> oauth2.jwt(jwt -> jwt.jwtAuthenticationConverter(jwtConverter)));

        return http.build();
    }

}

Do you have any ideas what might be causing the problem? Thank you!

2

Here are some examples that may help you as a reference:

One thing to keep in mind is that it’s not necessary to specify all the OAuth 2.0 endpoints. Simply providing the issuer-uri is sufficient, as the library handles the discovery of the other endpoints through the use of the OIDC discovery endpoint.

3

This is more a Spring related question that Keycloak related. Perhaps you should ask in a Spring forum to get proper help.