OAuth2 permission cancel redirects to a 400 error page
New Member Posts: 1 Join Date: 11/20/19
I implemented an OAuth2 flow with Liferay 7.1, as described here: https://portal.liferay.dev/docs/7-1/deploy/-/knowledge_base/d/authorizing-account-access-with-oauth2
The process itself works nicely, but there is still a small issue. When a user decides to cancel the OAuth2 flow (see the attachment, the user clicks "abbrechen"), the user is redirected to /o/oauth2/authorize/decision, a URL that only responds with a 400 error.
Am I missing any permissions or configurations?
Since the /o/ path is reserved, I am not able to simply assign a custom page to this path.
Best regards
Simon
RE: OAuth2 permission cancel redirects to a 400 error page
Junior Member Posts: 77 Join Date: 7/12/11
The HTTPS endpoint for your Liferay instance probably is not Liferay itself (a common case if you are behind a load balancer), or you are accessing your Liferay instance via HTTP instead of HTTPS.
If this is the case, the HTTP 400 stems from the Apache CXF library, saying that you're trying to use OAuth2 over an unsecured connection.
If you're on a local dev server via HTTP, you need to disable the security check. In your Liferay home, in the folder osgi/configs, create the file com.liferay.oauth2.provider.rest.internal.endpoint.access.token.LiferayAccessTokenServiceRegistrator.cfg with the following content:
block.unsecure.requests=false
If you're on a server behind a load balancer, you'll need the following lines in your portal-ext.properties (web.server.protocol must not be set to anything!):
#web.server.protocol=
web.server.forwarded.host.enabled=true
web.server.forwarded.protocol.enabled=true
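
A small audit of the settings named in the reply above, added here as an example and not part of the thread or of Liferay's own code: it flags a Liferay home where the insecure-request check has been disabled, and verifies the forwarded-header properties for an instance behind a load balancer. The file and key names are the ones quoted in the reply; the function names and the `behind_proxy` flag are assumptions of this example.

```python
import tempfile
from pathlib import Path

# File and key names are the ones quoted in the reply above.
CXF_CFG = ("osgi/configs/com.liferay.oauth2.provider.rest.internal.endpoint."
           "access.token.LiferayAccessTokenServiceRegistrator.cfg")
PORTAL_EXT = "portal-ext.properties"


def load_props(path):
    """Parse key=value lines, skipping blanks and # / ! comments."""
    props = {}
    if not path.is_file():
        return props
    for raw in path.read_text(encoding="utf-8").splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def audit(liferay_home, behind_proxy):
    """Return a list of findings; an empty list means nothing to flag."""
    home = Path(liferay_home)
    findings = []
    cfg = load_props(home / CXF_CFG)
    if cfg.get("block.unsecure.requests", "").lower() == "false":
        findings.append("insecure-request check disabled (local dev only)")
    if behind_proxy:
        ext = load_props(home / PORTAL_EXT)
        if ext.get("web.server.protocol"):
            findings.append("web.server.protocol is set; it must stay unset")
        for key in ("web.server.forwarded.host.enabled",
                    "web.server.forwarded.protocol.enabled"):
            if ext.get(key, "").lower() != "true":
                findings.append(f"{key} is not true")
    return findings


if __name__ == "__main__":
    # Constructed sample: a dev-style home deployed behind a load balancer.
    with tempfile.TemporaryDirectory() as tmp:
        cfg_path = Path(tmp) / CXF_CFG
        cfg_path.parent.mkdir(parents=True)
        cfg_path.write_text("block.unsecure.requests=false\n")
        (Path(tmp) / PORTAL_EXT).write_text("web.server.protocol=http\n")
        print(audit(tmp, behind_proxy=True))
```

Run against the real Liferay home as part of a deployment check, a non-empty result on a production host is worth a look before the instance serves OAuth2 traffic.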