I am currently migrating from Keycloak to Auth0 for identity management and authorisation.
I have set the following in my application.yml
```yaml
openid:
  auth-url: h {cantputthelikebecuasenewuser}/authorize
  token-url: {cantputthelikebecuasenewuser}/oauth/token
  jwks-url: {cantputthelikebecuasenewuser}/.well-known/jwks.json
  client-id: SuPeRsEcReT
  client-secret: sUpErSeCrEt
  username-attribute: name
  roles-claim: {cantputthelikebecuasenewuser}/shinyproxy_roles
```
And when I start SP and navigate to localhost:8080 I get redirected to Auth0 as I should.
I enter user and pass and then I get the Auth0 spinner for a long time. In my SP logs I have:

```
2019-03-21 15:58:38.134 ERROR 20444 — [ XNIO-2 task-17] io.undertow.request : UT005023: Exception handling request to /login/oauth2/code/shinyproxy
java.lang.StackOverflowError: null
at java.security.AccessController.doPrivileged(Native Method) ~[na:1.8.0_171]
```
Followed by the kind of garbage one might expect for indefinite redirects!
I have /login/oauth2/code/shinyproxy as the only entry in my allowed redirects.
Well… I did already have that setting “server.userForwardHeaders:true”, although I am not using nginx in my development setup. I tried taking the setting out and it also doesn’t work.
I have some more information:
This only seems to happen if a user is not authorised. For example, if I create an account but do not verify my email. I guess Auth0 doesn’t show the error itself, but redirects the user back to the home application (SP in this case) and allows that application to handle the authentication error.
Is this a feature that is not implemented in SP?
Do you know of a way I can override the return url SP sends to Auth0? I could implement my own controller and views to handle this if so…
But for new users, since the shinyproxy_roles metadata hasn’t been set, it returns undefined and the rule can’t reach the callback, so what I did was update the rule with a try/catch:
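As an added example (not code from the original posts, and not from ShinyProxy or Auth0), here is an Auth0 rule written in the shape the last post describes: it reads `app_metadata.shinyproxy_roles` defensively so that a brand-new user with no metadata still reaches the callback, and it wraps the work in a try/catch so that any unexpected failure is handed to the callback as an error rather than never returning. The claim namespace URL, the sample users, and the `runRule` harness are constructed for a local run and are not part of the Auth0 runtime.

```javascript
// Added example: an Auth0 rule that sets the shinyproxy_roles claim without
// breaking for users whose app_metadata has not been populated yet.
// ROLES_NAMESPACE is a constructed placeholder; Auth0 requires custom claims
// to be namespaced URLs, so replace it with your own namespace.
const ROLES_NAMESPACE = 'https://example.invalid/shinyproxy_roles';

// Standard Auth0 rule signature: function (user, context, callback).
// In Auth0 the runtime supplies the arguments; below we call it ourselves.
function addShinyProxyRoles(user, context, callback) {
  try {
    // New users have no app_metadata at all, so every access is guarded
    // instead of assuming user.app_metadata.shinyproxy_roles exists.
    const metadata = (user && user.app_metadata) || {};
    const roles = Array.isArray(metadata.shinyproxy_roles)
      ? metadata.shinyproxy_roles
      : [];

    context.idToken = context.idToken || {};
    context.accessToken = context.accessToken || {};
    context.idToken[ROLES_NAMESPACE] = roles;
    context.accessToken[ROLES_NAMESPACE] = roles;

    // Always reach the callback: an empty roles list lets the application
    // decide what an unauthorised user sees, instead of hanging the login.
    return callback(null, user, context);
  } catch (err) {
    // Anything unexpected is reported to Auth0 as a rule error, which it
    // returns to the application on the redirect URI as an error response.
    return callback(err);
  }
}

// Local harness (not part of Auth0): runs the rule and returns what it
// passed to the callback, so the result can be inspected or asserted on.
function runRule(user, context) {
  let result;
  addShinyProxyRoles(user, context, (err, u, ctx) => {
    result = { err: err, user: u, context: ctx };
  });
  return result;
}

// Constructed sample users: one freshly registered, one with roles assigned.
const newUser = { email: 'new@example.invalid', email_verified: false };
const adminUser = {
  email: 'admin@example.invalid',
  email_verified: true,
  app_metadata: { shinyproxy_roles: ['admins'] },
};

console.log(runRule(newUser, {}).context.idToken[ROLES_NAMESPACE]);   // []
console.log(runRule(adminUser, {}).context.idToken[ROLES_NAMESPACE]); // [ 'admins' ]
```

If the rule instead denies the login by passing an error to the callback, Auth0 does not show a page of its own; as in the OAuth 2.0 authorization code flow (RFC 6749, section 4.1.2.1), the browser is sent back to the registered redirect URI with `error` and `error_description` query parameters and no `code`. A client that treats any hit on its callback URL as a reason to start a new authorization request will loop exactly as the log above shows, so the callback handler has to check for the `error` parameter before redirecting anywhere.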