I bumped into blocker with configuring openid authorisation based on my identity provider. After deep investigation i found out that shinyproxy sets weird scope value “openid%20email” (%20 is a + character).
From shinyproxy point of view authorisation loops and fails by stackoverflow.
BAD:
auth?response_type=code&client_id=shinyproxy&scope=openid%20email&state=L6fTrIYp40Or-b6ZKqwoP3rvhWdGIGEt3gzkCC7Prm0%3D&redirect_uri=http://localhost/shinyproxy/login/oauth2/code/shinyproxy
GOOD:
auth?client_id=another_id&redirect_uri=http://localhost/&response_type=id_token&scope=openid+profile+email+groups+offline_access&state=6b7ee6e4ae87a53c094d2f00ea510b13e82997e33c8dbdb307785d760fa56b49&nonce=444e71c5c9f65b6257cb0b3ebf0d279fc6fed8cfabe705438359655b7a9cd5ba
Also is there possibility to change response_type in shinyproxy from “code” to “id_token”?
shinyproxy logs:
2019-01-25 12:41:31.413 DEBUG 1 — [ XNIO-2 task-6] o.s.s.authentication.ProviderManager : Authentication attempt using org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider
2019-01-25 12:41:31.413 DEBUG 1 — [ XNIO-2 task-6] o.s.s.authentication.ProviderManager : Authentication attempt using org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider
2019-01-25 12:41:31.414 DEBUG 1 — [ XNIO-2 task-6] o.s.s.authentication.ProviderManager : Authentication attempt using org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider
2019-01-25 12:41:31.414 DEBUG 1 — [ XNIO-2 task-6] o.s.s.authentication.ProviderManager : Authentication attempt using org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider
2019-01-25 12:41:31.415 DEBUG 1 — [ XNIO-2 task-6] o.s.s.authentication.ProviderManager : Authentication attempt using org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider
2019-01-25 12:41:31.415 DEBUG 1 — [ XNIO-2 task-6] o.s.s.authentication.ProviderManager : Authentication attempt using org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider
2019-01-25 12:41:31.416 DEBUG 1 — [ XNIO-2 task-6] o.s.s.authentication.ProviderManager : Authentication attempt using org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider
2019-01-25 12:41:31.416 DEBUG 1 — [ XNIO-2 task-6] o.s.s.authentication.ProviderManager : Authentication attempt using org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider
2019-01-25 12:41:31.417 DEBUG 1 — [ XNIO-2 task-6] o.s.s.authentication.ProviderManager : Authentication attempt using org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider
2019-01-25 12:41:31.417 DEBUG 1 — [ XNIO-2 task-6] o.s.s.authentication.ProviderManager : Authentication attempt using org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider
2019-01-25 12:41:31.417 DEBUG 1 — [ XNIO-2 task-6] o.s.s.authentication.ProviderManager : Authentication attempt using org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider
2019-01-25 12:41:31.417 DEBUG 1 — [ XNIO-2 task-6] o.s.s.authentication.ProviderManager : Authentication attempt using org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider