Spring Boot OAuth2 Twitch Authentication Issue: Successfully Authorized, But Unable to Access Protected Endpoints

I am using Spring Boot for OAuth2 authentication with Twitch, and I can successfully authorize my application. However, I am facing an issue where, even after successful authorization, I am unable to access protected endpoints. The authorization process seems to work correctly, but when trying to reach secured endpoints, I encounter access issues. Seeking help to troubleshoot and resolve this OAuth2 authentication problem in Spring Boot with Twitch integration.

application.properties:

spring.security.oauth2.client.registration.twitch.client-id=client_id
spring.security.oauth2.client.registration.twitch.client-secret=client_secret
spring.security.oauth2.client.registration.twitch.client-authentication-method=post
spring.security.oauth2.client.registration.twitch.redirect-uri=http://localhost:8080/secure
spring.security.oauth2.client.registration.twitch.provider=twitch
spring.security.oauth2.client.registration.twitch.scope=user:read:email
spring.security.oauth2.client.registration.twitch.authorization-grant-type=authorization_code
spring.security.oauth2.client.provider.twitch.authorization-uri=https://id.twitch.tv/oauth2/authorize
spring.security.oauth2.client.provider.twitch.token-uri=https://id.twitch.tv/oauth2/token
spring.security.oauth2.client.provider.twitch.user-info-uri=https://id.twitch.tv/oauth2/userinfo
spring.security.oauth2.client.provider.twitch.user-name-attribute=preferred_username

my controller:

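import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/")
public class DemoController {

    // Public endpoint, reachable without authentication
    @GetMapping
    public String getPublic() {
        return "Hello from public";
    }

    // Protected endpoint, requires an authenticated session
    @GetMapping("secure")
    public String getSecure() {
        return "Hello from secure";
    }
}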

my configuration:

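import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        return http
                .authorizeHttpRequests(auth -> {
                    // Only "/" is public; every other path needs authentication
                    auth.requestMatchers("/").permitAll();
                    auth.anyRequest().authenticated();
                })
                .oauth2Login(Customizer.withDefaults())
                .formLogin(Customizer.withDefaults())
                .build();
    }
}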

my dependencies:

<dependencies>
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-oauth2-client</artifactId>
	</dependency>
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-web</artifactId>
	</dependency>
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-test</artifactId>
		<scope>test</scope>
	</dependency>
</dependencies>

What endpoints are you trying to use? The only scope you’re requesting is user:read:email so your token won’t have the permissions to use most endpoints that require a User token as most require scopes more specific to the endpoint.


I successfully obtained the code from the Twitch API and used it to acquire an access token. However, it seems that I need to add some filters in the SecurityConfig to validate the returned token. Despite my research, I couldn’t find the right approach on how to do this. I still cannot access my secure endpoints with the obtained token.
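
An added example, not part of the original thread: with `oauth2Login()`, Spring Security completes the login only when Twitch's authorization response arrives at its callback path, by default `/login/oauth2/code/{registrationId}`, whereas the posted configuration sends it to `/secure`. The fragment below shows the posted redirect setting beside the framework default; the host and port are taken from the post, and it assumes no custom callback path is configured elsewhere.

```properties
# Added example; only these two keys differ from the application.properties in the first post.

# As posted: Twitch redirects to /secure?code=...&state=..., a path the OAuth2 login
# filter does not process, so the code is never exchanged by Spring Security and no
# authenticated session is created. The request to /secure is then treated as anonymous.
# spring.security.oauth2.client.registration.twitch.redirect-uri=http://localhost:8080/secure

# Framework default callback template. For this registration on localhost:8080 it
# resolves to http://localhost:8080/login/oauth2/code/twitch
spring.security.oauth2.client.registration.twitch.redirect-uri={baseUrl}/login/oauth2/code/{registrationId}

# Spring Security 5.5 and later name this method client_secret_post;
# "post" is the older spelling.
spring.security.oauth2.client.registration.twitch.client-authentication-method=client_secret_post
```

The resolved callback URL also has to be registered as an OAuth redirect URL on the Twitch application, since Twitch rejects a `redirect_uri` that does not match a registered one.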
