OAuth2 permission cancel redirects to a 400 error page

Simon Dorr, modified 4 Years ago.

Hello community,

I implemented an OAuth2 flow with Liferay 7.1, as described here: https://portal.liferay.dev/docs/7-1/deploy/-/knowledge_base/d/authorizing-account-access-with-oauth2
The process itself works nicely, but there is still a small issue. When a user decides to cancel the OAuth2 flow (see the attachment, the user clicks "abbrechen", i.e. cancel), the user is redirected to /o/oauth2/authorize/decision, a URL that only responds with a 400 error.

Am I missing any permissions or configurations?
Since the /o/ path is reserved, I am not able to simply assign a custom page to this path.

Best regards
Simon
Dave Kliczbor, modified 3 Years ago.

RE: OAuth2 permission cancel redirects to a 400 error page

The HTTPS endpoint for your Liferay instance is probably not Liferay itself (a common case if you are behind a load balancer), or you are accessing your Liferay instance via HTTP instead of HTTPS.

If this is the case, the HTTP 400 stems from the Apache CXF library, saying that you're trying to use OAuth2 using an unsecured connection.

If you're on a local dev server via HTTP, you need to disable the security check. In your Liferay home, in the folder osgi/configs, create the file com.liferay.oauth2.provider.rest.internal.endpoint.access.token.LiferayAccessTokenServiceRegistrator.cfg with the following content:

block.unsecure.requests=false

If you're on a server behind a load balancer, you'll need the following lines in your portal-ext.properties (web.server.protocol must not be set to anything!):

#web.server.protocol=
web.server.forwarded.host.enabled=true
web.server.forwarded.protocol.enabled=true
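
An added example, not written by either poster and not part of Liferay: a shell check for a server that sits behind a load balancer, flagging the dev-only block.unsecure.requests=false override and the portal-ext.properties conditions named in the reply above. It assumes portal-ext.properties sits directly in the Liferay home directory; prop_value, audit_liferay_oauth2 and make_home are hypothetical helper names, and the sample home is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): audit a Liferay home that serves OAuth2
# behind a load balancer. Helper names are this example's own.
# Assumption: portal-ext.properties sits directly in the Liferay home directory.
CFG_NAME="com.liferay.oauth2.provider.rest.internal.endpoint.access.token.LiferayAccessTokenServiceRegistrator.cfg"

# Print the last uncommented value of key $1 in file $2 (empty if unset or no file).
prop_value() {
    [ -f "$2" ] || return 0
    key=$(printf '%s' "$1" | sed 's/\./\\./g')   # escape dots for the regex
    sed -n "s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*//p" "$2" |
        tail -n 1 | tr -d '\r' | sed 's/[[:space:]]*$//'
}

# Sets FINDINGS to the number of problems; returns 0 only when there are none.
audit_liferay_oauth2() {
    home=$1; FINDINGS=0
    cfg="$home/osgi/configs/$CFG_NAME"
    props="$home/portal-ext.properties"
    if [ "$(prop_value block.unsecure.requests "$cfg")" = "false" ]; then
        echo "WARN: block.unsecure.requests=false (dev-only override) is present"
        FINDINGS=$((FINDINGS + 1))
    fi
    if [ -n "$(prop_value web.server.protocol "$props")" ]; then
        echo "WARN: web.server.protocol is set; it must stay unset behind a load balancer"
        FINDINGS=$((FINDINGS + 1))
    fi
    for k in web.server.forwarded.host.enabled web.server.forwarded.protocol.enabled; do
        if [ "$(prop_value "$k" "$props")" != "true" ]; then
            echo "WARN: $k is not set to true"
            FINDINGS=$((FINDINGS + 1))
        fi
    done
    [ "$FINDINGS" -eq 0 ]
}

# Build a constructed Liferay home: $1 = portal-ext.properties body, $2 = .cfg body (optional).
make_home() {
    d=$(mktemp -d) && mkdir -p "$d/osgi/configs" || return 1
    printf '%s\n' "$1" > "$d/portal-ext.properties"
    [ -z "${2:-}" ] || printf '%s\n' "$2" > "$d/osgi/configs/$CFG_NAME"
    echo "$d"
}

# Demo on constructed input: the dev override left in place on a proxied server.
demo_home=$(make_home "web.server.forwarded.host.enabled=true
web.server.forwarded.protocol.enabled=true" "block.unsecure.requests=false")
audit_liferay_oauth2 "$demo_home" || echo "findings: $FINDINGS"
rm -rf "$demo_home"
```

Against a real installation, call audit_liferay_oauth2 with the path of the Liferay home; a non-zero return means at least one WARN line was printed.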