I'm using the Google API. I've used it with WSO2 and Salesforce. Below is 
the snippet of code from the client I'm using and the JSON service provider 
file generated by the management app. Let me know if there is anything 
else that would help. Thank you!


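import com.google.api.client.auth.oauth2.*;
import com.google.api.client.http.BasicAuthentication;
import com.google.api.client.http.GenericUrl;
import com.google.api.client.util.store.FileDataStoreFactory;
import java.io.File;
import java.io.IOException;
import java.util.Arrays;

private static final String CLIENT_ID = "fb3s86QV9QKl";
private static final String CLIENT_SECRET = "VgWn3ysT24gZo66K";
private static final String CALLBACK_URI = "http://localhost:8080/oauth_client";

// flow, HTTP_TRANSPORT, JSON_FACTORY and stateToken are not shown in this snippet.
public void initialize() throws IOException {
    this.flow = new AuthorizationCodeFlow.Builder(
            BearerToken.authorizationHeaderAccessMethod(),
            HTTP_TRANSPORT,
            JSON_FACTORY,
            // Token endpoint
            new GenericUrl("https://cas.mydomain.com:8443/cas/oauth2.0/accessToken/"),
            // Client credentials sent with HTTP Basic authentication
            new BasicAuthentication(CLIENT_ID, CLIENT_SECRET),
            CLIENT_ID,
            // Authorization endpoint
            "https://cas.mydomain.com:8443/cas/oauth2.0/authorize/")
        .setScopes(Arrays.asList("openid"))
        // The file data store constructor and lookup can throw IOException
        .setCredentialDataStore(StoredCredential.getDefaultDataStore(
            new FileDataStoreFactory(new File("datastoredir"))))
        .build();
}

public String buildLoginUrl() {
    final AuthorizationCodeRequestUrl url = flow.newAuthorizationUrl();
    return url.setRedirectUri(CALLBACK_URI).setState(stateToken).build();
}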


JSON Service Provider
---------------------------------------------------------------------------------------------------------------------------------------------
{
  @class: org.apereo.cas.support.oauth.services.OAuthRegisteredService
  serviceId: ^http://localhost:8080/oauth_client
  name: Myapp
  id: 111057507159608
  description: Myapp
  evaluationOrder: 1
  logoutType: NONE
  attributeReleasePolicy:
  {
    @class: org.apereo.cas.services.ReturnAllAttributeReleasePolicy
    principalAttributesRepository:
    {
      @class: org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository
      expiration: 2
      timeUnit: HOURS
    }
    authorizedToReleaseCredentialPassword: false
    authorizedToReleaseProxyGrantingTicket: false
  }
  multifactorPolicy:
  {
    @class: org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy
    failureMode: CLOSED
  }
  accessStrategy:
  {
    @class: org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy
    enabled: true
    ssoEnabled: true
    requireAllAttributes: false
    caseInsensitive: false
  }
  clientSecret: VgWn3ysT24gZo66K
  clientId: fb3s86QV9QKl
  bypassApprovalPrompt: false
  generateRefreshToken: false
  jsonFormat: false
}


On Monday, December 12, 2016 at 5:45:42 PM UTC-5, Misagh Moayyed wrote:
>
> Where or what is your client? 
>
>  
>
> --Misagh
>
>  
>
> *From:* cas-...@apereo.org [mailto:cas-...@apereo.org] *On Behalf Of* Todd Pratt
> *Sent:* Monday, December 12, 2016 2:51 PM
> *To:* CAS Community <cas-...@apereo.org>
> *Subject:* [cas-user] Authorize request verification fails with OAuth and 
> CAS 5.0.x
>
>  
>
> Hi,
>
>  
>
> I'm trying to set up OpenID/OAuth2 on CAS 5.0.x using the war overlay 
> template. I included three dependencies: 
> cas-server-support-oidc, cas-server-support-ldap 
> and cas-server-support-json-service-registry. I built the management 
> webapp using that overlay template and I successfully logged into the 
> management app using the LDAP authentication I set up. Now I'm trying to 
> set up a service provider for OpenID/OAuth2 and I keep getting an error page 
> with my test application that says "Application Not Authorized to use CAS" 
> instead of redirecting to the login page. I've used this test client with 
> other servers and it seems to work. I enabled debugging, and looking 
> through the code it looks like it found the provider I defined but then it fails 
> at OAuth20AuthorizeController.isRequestAuthenticated(), which returns false. The 
> method isRequestAuthenticated() seems to look for a profile in the session 
> which isn't there. Is there something I'm missing? Below is the portion 
> of the log.
>
>  
>
>  
>
> 2016-12-12 13:09:40,226 DEBUG 
> [org.apereo.cas.support.oauth.validator.OAuthValidator] - <client_id: 
> fb3s86QV9QKl>
>
> 2016-12-12 13:09:40,227 DEBUG 
> [org.apereo.cas.support.oauth.validator.OAuthValidator] - <redirect_uri: 
> http://localhost:8080/oauth_client>
>
> 2016-12-12 13:09:40,227 DEBUG 
> [org.apereo.cas.support.oauth.validator.OAuthValidator] - <response_type: 
> code>
>
> 2016-12-12 13:09:40,227 DEBUG 
> [org.apereo.cas.support.oauth.web.OAuth20AuthorizeController] - <Response 
> type: code>
>
> 2016-12-12 13:09:40,228 DEBUG 
> [org.apereo.cas.support.oauth.validator.OAuthValidator] - <Check registered 
> service: 
> org.apereo.cas.services.OidcRegisteredService@66d09fb6[attributeFilter=<null>,principalAttributesRepository=org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository@2027a3cc[],authorizedToReleaseCredentialPassword=false,authorizedToReleaseProxyGrantingTicket=false],accessStrategy=org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy@f9e67c0[enabled=true,ssoEnabled=true,requireAllAttributes=false,requiredAttributes={},unauthorizedRedirectUrl=<null>,caseInsensitive=false,rejectedAttributes={}],publicKey=<null>,proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@2e202d9f,logo=<null>,logoutUrl=<null>,requiredHandlers=[],properties={},multifactorPolicy=org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy@6dd174aa[multifactorAuthenticationProviders=[],failureMode=CLOSED,principalAttributeNameTrigger=<null>,principalAttributeValueToMatch=<null>,clientId=fb3s86QV9QKl,approvalPrompt=false,generateRefreshToken=false,jsonFormat=false,jwks=<null>,signIdToken=false
> ]>
>
> 2016-12-12 13:09:40,228 DEBUG 
> [org.apereo.cas.support.oauth.validator.OAuthValidator] - <Found: 
> org.apereo.cas.services.OidcRegisteredService@66d09fb6[attributeFilter=<null>,principalAttributesRepository=org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository@2027a3cc[],authorizedToReleaseCredentialPassword=false,authorizedToReleaseProxyGrantingTicket=false],accessStrategy=org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy@f9e67c0[enabled=true,ssoEnabled=true,requireAllAttributes=false,requiredAttributes={},unauthorizedRedirectUrl=<null>,caseInsensitive=false,rejectedAttributes={}],publicKey=<null>,proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@2e202d9f,logo=<null>,logoutUrl=<null>,requiredHandlers=[],properties={},multifactorPolicy=org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy@6dd174aa[multifactorAuthenticationProviders=[],failureMode=CLOSED,principalAttributeNameTrigger=<null>,principalAttributeValueToMatch=<null>,clientId=fb3s86QV9QKl,approvalPrompt=false,generateRefreshToken=false,jsonFormat=false,jwks=<null>,signIdToken=false
> ] vs redirectUri: http://localhost:8080/oauth_client>
>
> 2016-12-12 13:09:40,228 ERROR 
> [org.apereo.cas.support.oauth.web.OAuth20AuthorizeController] - <Authorize 
> request verification fails>
>
>  
>
>  
>
> Thanks in advance for any help.
>
> -- 
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines: 
> https://apereo.github.io/cas/Mailing-Lists.html
> - CAS documentation website: https://apereo.github.io/cas
> - CAS project website: https://github.com/apereo/cas
> --- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+u...@apereo.org.
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/e8e05206-aae0-49ef-949a-85675631b489%40apereo.org.
>
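
The three checks the debug log reports before the failure (client_id, redirect_uri against the registered serviceId, response_type), re-run on an authorize URL. This is an added example, not part of the original posts and not CAS code. It assumes the whole redirect_uri must match the serviceId regular expression; the class name, method names and sample authorize URLs are constructed for illustration.

```java
import java.net.URI;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

// Added example, not CAS code: re-runs the three logged checks on an authorize URL.
public class AuthorizePreflight {
    // Copied from the service definition in the post.
    static final String SERVICE_ID = "^http://localhost:8080/oauth_client";
    static final String CLIENT_ID = "fb3s86QV9QKl";

    // Decode the query string into a name -> value map.
    static Map<String, String> params(String url) {
        Map<String, String> out = new HashMap<>();
        String query = URI.create(url).getRawQuery();
        if (query == null) return out;
        for (String pair : query.split("&")) {
            String[] kv = pair.split("=", 2);
            out.put(URLDecoder.decode(kv[0], StandardCharsets.UTF_8),
                    kv.length > 1 ? URLDecoder.decode(kv[1], StandardCharsets.UTF_8) : "");
        }
        return out;
    }

    // Returns the reasons the request would be rejected; empty means all checks pass.
    static List<String> problems(String authorizeUrl) {
        Map<String, String> p = params(authorizeUrl);
        List<String> out = new ArrayList<>();
        if (!CLIENT_ID.equals(p.get("client_id"))) out.add("client_id is not the registered clientId");
        String redirect = p.get("redirect_uri");
        // Assumption: the whole redirect_uri must match the serviceId regex.
        if (redirect == null || !redirect.matches(SERVICE_ID)) out.add("redirect_uri does not match serviceId");
        if (!"code".equals(p.get("response_type"))) out.add("response_type is not code");
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample requests; the second differs only by a trailing slash.
        String base = "https://cas.mydomain.com:8443/cas/oauth2.0/authorize/?client_id=fb3s86QV9QKl"
                + "&response_type=code&scope=openid&state=constructed-state&redirect_uri=";
        System.out.println(problems(base + "http%3A%2F%2Flocalhost%3A8080%2Foauth_client"));
        System.out.println(problems(base + "http%3A%2F%2Flocalhost%3A8080%2Foauth_client%2F"));
    }
}
```

The first request passes all three checks, consistent with the log reaching "Found: ..." before the error; the second is flagged only because of the trailing slash on the callback.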

To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/c4a43c11-0dd5-4727-8364-1d3a0e27162d%40apereo.org.