Я использую Spring Security 5 с Cognito Userpool.
Я реализовал вход через Facebook в пуле пользователей, используя OAuth2 API пула пользователей. Мне удалось войти в систему, используя мою учетную запись Facebook, но как только я удалил пользователя из пула пользователей (через API deleteUser), мне не удалось снова зарегистрироваться — возвращается ошибка invalid_grant.
...
[nio-8090-exec-6] o.s.s.authentication.ProviderManager : Authentication attempt using org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider
[nio-8090-exec-6] o.s.s.authentication.ProviderManager : Authentication attempt using org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider
[nio-8090-exec-6] o.s.web.client.RestTemplate : HTTP POST https://mydomain.auth.myregion.amazoncognito.com/oauth2/token
[nio-8090-exec-6] o.s.web.client.RestTemplate : Accept=[application/json, application/*+json]
[nio-8090-exec-6] o.s.web.client.RestTemplate : Writing [{grant_type=[authorization_code], code=[xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx], redirect_uri=[http://localhost:8090/login/oauth2/code/facebook]}] as "application/x-www-form-urlencoded;charset=UTF-8"
[nio-8090-exec-6] o.s.web.client.RestTemplate : Response 400 BAD_REQUEST
[nio-8090-exec-6] .s.a.DefaultAuthenticationEventPublisher : No event was found for the exception org.springframework.security.oauth2.core.OAuth2AuthenticationException
[nio-8090-exec-6] .s.o.c.w.OAuth2LoginAuthenticationFilter : Authentication request failed: org.springframework.security.oauth2.core.OAuth2AuthenticationException: [invalid_grant]
org.springframework.security.oauth2.core.OAuth2AuthenticationException: [invalid_grant]
at org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider.authenticate(OidcAuthorizationCodeAuthenticationProvider.java:143) ~[spring-security-oauth2-client-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:175) ~[spring-security-core-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter.attemptAuthentication(OAuth2LoginAuthenticationFilter.java:186) ~[spring-security-oauth2-client-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212) ~[spring-security-web-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter.doFilterInternal(OAuth2AuthorizationRequestRedirectFilter.java:160) [spring-security-oauth2-client-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.1.5.RELEASE.jar:5.1.5.RELEASE]
...
Я попытался очистить кеш браузера, но ничего не изменилось. Однако примерно через 30 минут мне удалось снова войти в систему, используя тот же исходный код.
Существуют ли какие-то кеши авторизации в Cognito Userpool или Facebook?
application.yml
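# Spring Security 5.1 OAuth2 login, using an Amazon Cognito user pool as the
# authorization server and Facebook as the federated identity provider.
# Nesting restored: the listing had lost its indentation, which left two
# sibling `facebook` keys and no registration/provider structure.
spring:
  security:
    oauth2:
      client:
        registration:
          facebook:
            clientId: xxxxxxxxxxxxxxxx
            # Keep the real secret out of version control; supply it from the
            # environment or a secret store rather than as a literal here.
            clientSecret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
            # `basic` sends the client credentials in the HTTP Authorization
            # header of the token request, not in the form body.
            clientAuthenticationMethod: basic
            # The logged token request shows this resolving to an http://localhost
            # callback, which suits local development; a deployed callback should
            # be HTTPS and match the app client's registered callback URL.
            redirectUriTemplate: '{baseUrl}/login/oauth2/code/{registrationId}'
            authorizationGrantType: authorization_code
            scope:
              - openid
              - email
              - profile
              # Lets the access token call the user-pool API operations that act
              # on the signed-in user. Request it only if the application really
              # calls those operations (least privilege).
              - aws.cognito.signin.user.admin
            clientName: Facebook
        provider:
          facebook:
            # identity_provider=Facebook is passed to Cognito's authorize endpoint
            # to select the Facebook identity provider.
            authorizationUri: https://mydomain.auth.myregion.amazoncognito.com/oauth2/authorize?identity_provider=Facebook
            tokenUri: https://mydomain.auth.myregion.amazoncognito.com/oauth2/token
            # Key set Spring Security uses to verify the signature of the ID token.
            jwkSetUri: https://cognito-idp.myregion.amazonaws.com/my_userpool_id/.well-known/jwks.json
            userInfoUri: https://mydomain.auth.myregion.amazoncognito.com/oauth2/userInfo
            # `sub` is the user-pool subject identifier and becomes the principal name.
            userNameAttribute: sub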