IllegalArgumentException: issuer cannot be empty

[mraible]

I'm working with @starbuxman to develop a reactive microservices stack for our Devoxx talk. Using 0.2.0 of this library throws the following error after I integrate things:

Caused by: java.lang.IllegalArgumentException: issuer cannot be empty
    at org.springframework.util.Assert.hasText (Assert.java:276)
    at com.okta.spring.oauth.discovery.OidcDiscoveryClient.<init> (OidcDiscoveryClient.java:36)
    at com.okta.spring.oauth.OktaPropertiesMappingEnvironmentPostProcessor.discoveryPropertiesSource (OktaPropertiesMappingEnvironmentPostProcessor.java:137)
    at com.okta.spring.oauth.OktaPropertiesMappingEnvironmentPostProcessor.postProcessEnvironment (OktaPropertiesMappingEnvironmentPostProcessor.java:95)
    at org.springframework.boot.context.config.ConfigFileApplicationListener.onApplicationEnvironmentPreparedEvent (ConfigFileApplicationListener.java:170)
    at org.springframework.boot.context.config.ConfigFileApplicationListener.onApplicationEvent (ConfigFileApplicationListener.java:156)
    at org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener (SimpleApplicationEventMulticaster.java:172)
    at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener (SimpleApplicationEventMulticaster.java:165)
    at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent (SimpleApplicationEventMulticaster.java:139)
    at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent (SimpleApplicationEventMulticaster.java:127)
    at org.springframework.boot.context.event.EventPublishingRunListener.environmentPrepared (EventPublishingRunListener.java:73)
    at org.springframework.boot.SpringApplicationRunListeners.environmentPrepared (SpringApplicationRunListeners.java:54)
    at org.springframework.boot.SpringApplication.prepareEnvironment (SpringApplication.java:349)
    at org.springframework.boot.SpringApplication.run (SpringApplication.java:317)

Steps to reproduce:

git clone git@github.com:mraible/cloud-native-pwas.git
cd cloud-native-pwas/kotlin-reactive/edge-service

Modify pom.xml to add this library:

<dependency>
	<groupId>com.okta.spring</groupId>
	<artifactId>okta-spring-boot-starter</artifactId>
	<version>0.2.0</version>
</dependency>

Add properties to src/main/resources/application.properties:

okta.oauth2.issuer=https://dev-158606.oktapreview.com/oauth2/default
okta.oauth2.clientId=XXX
okta.oauth2.clientSecret=XXX

Run ./mvnw spring-boot:run.

[mraible]

This happens incloud-native-pwas/kotlin-basic/edge-service as well. This is a regular Spring Boot 2.0.0.M5 app.

[peavers]

Just noting I faced the same issue when using with Spring Cloud Dalston.SR4; My only solution was to move the okta.oauth2.issuer config to the bootstrap.yml file rather than application.yml which did work, however isn't a proper solution.

[ricard0javier]

got the same issue; moving the properties to the bootstrap file works for me as well. The problem is that they should be retrieved from an external Properties source as Consul or Vault.

[mraible]

I tried create a src/main/resources/bootstrap.yml with the following:

okta:
  oauth2:
    issuer: https://dev-158606.oktapreview.com/oauth2/default
    clientId: XXX
    clientSecret: YYY

However, I still get the same issue on startup. Am I creating the file in the correct location?

2017-11-06 12:35:01.507 ERROR 58475 --- [           main] o.s.boot.SpringApplication               : Application startup failed

java.lang.IllegalArgumentException: issuer cannot be empty
        at org.springframework.util.Assert.hasText(Assert.java:276) ~[spring-core-5.0.0.RELEASE.jar:5.0.0.RELEASE]
        at com.okta.spring.oauth.discovery.OidcDiscoveryClient.<init>(OidcDiscoveryClient.java:36) ~[okta-spring-security-oauth2-0.2.0.jar:0.2.0]
        at com.okta.spring.oauth.OktaPropertiesMappingEnvironmentPostProcessor.discoveryPropertiesSource(OktaPropertiesMappingEnvironmentPostProcessor.java:137) ~[okta-spring-security-oauth2-0.2.0.jar:0.2.0]
        at com.okta.spring.oauth.OktaPropertiesMappingEnvironmentPostProcessor.postProcessEnvironment(OktaPropertiesMappingEnvironmentPostProcessor.java:95) ~[okta-spring-security-oauth2-0.2.0.jar:0.2.0]
        at org.springframework.boot.context.config.ConfigFileApplicationListener.onApplicationEnvironmentPreparedEvent(ConfigFileApplicationListener.java:170) ~[spring-boot-2.0.0.M5.jar:2.0.0.M5]

[haichauofficience]

@mraible I'm facing the same issue like this. Did you solve your problem?

[bdemers]

@haichauofficience was fixed in the 0.3.0 release (just promoted, so it could take a couple hours to show up on Maven Central)

[haichauofficience]

@bdemers Ok, thank you very much.

[haichauofficience]

@bdemers I still don't see the new version on Maven Central so far. Could you please check it out?

[bdemers]

How about now? http://mavencentral.sonatype.com/#artifactdetails%7Ccom.okta.spring%7Cokta-spring-boot-starter%7C0.3.0%7Cjar

[ijer-web]

ERROR TypeError: Cannot read property 'issuer' of undefined.
Absolutely the same problem.

[bdemers]

@ijer-web which version?

[ijer-web]

@bdemers angular 6

[bdemers]

@ijer-web sorry, I meant which version of ‘Okta-spring-boot-starter’

[ijer-web]

"@okta/okta-angular": "^1.0.1", "@okta/okta-auth-js": "^1.17.0", "@okta/okta-signin-widget": "^2.8.0", I used official manual "Angular Update Guide" https://update.angular.io/ After attempts and investigations i found that Current Okta and Okta's modules don't work with angular 6. Firstly, commangs "ng update @angular/core" and ng update @angular/cli leaded to note ` "@okta/okta-angular": "^1.0.1", "@okta/okta-auth-js": "^1.17.0", "@okta/okta-signin-widget": "^2.9.0" work onlet with angular version >5.0 and less 5.99.` and refused to install updates. But I set 'package.json ' manually and forced to install updates to version 6. Project was build, but Secondly SPA started to show "ERROR TypeError: Cannot read property 'issuer' of undefined". I found, that it famous error wth OKTA and Angular 6. okta/okta-oidc-js#176 https://devforum.okta.com/t/okta-angular-okta-samples-js-angular-sample-applications/1518 I tried to change property 'issuer' location, set value in component, change environment files, change config, change build and serve settings. but all of that was ineffectually.. 2018-05-21 19:15 GMT+03:00 Brian Demers <notifications@github.com>:

…

Reopened #23 <#23>. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#23 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AOnJVe33Km4pCnfVnPJH3QYbaIeKT3Byks5t0ugKgaJpZM4QSChl> .

-- C уважением, Игорь Петрашевский.

[mraible]

I’ve been able to get the Okta Sign-In Widget working with Angular 6 without any issues. See https://developer.okta.com/blog/2018/05/09/upgrade-to-angular-6 for more information.

…

On May 23, 2018, at 01:40, Ihar ***@***.***> wrote: ***@***.***/okta-angular": "^1.0.1", ***@***.***/okta-auth-js": "^1.17.0", ***@***.***/okta-signin-widget": "^2.8.0", I used official manual "Angular Update Guide" https://update.angular.io/ After attempts and investigations i found that Current Okta and Okta's modules don't work with angular 6. Firstly, commangs "ng update @angular/core" and ng update @angular/cli leaded to note ` ***@***.***/okta-angular": "^1.0.1", ***@***.***/okta-auth-js": "^1.17.0", ***@***.***/okta-signin-widget": "^2.9.0" work onlet with angular version >5.0 and less 5.99.` and refused to install updates. But I set 'package.json ' manually and forced to install updates to version 6. Project was build, but Secondly SPA started to show "ERROR TypeError: Cannot read property 'issuer' of undefined". I found, that it famous error wth OKTA and Angular 6. okta/okta-oidc-js#176 https://devforum.okta.com/t/okta-angular-okta-samples-js-angular-sample-applications/1518 I tried to change property 'issuer' location, set value in component, change environment files, change config, change build and serve settings. but all of that was ineffectually.. 2018-05-21 19:15 GMT+03:00 Brian Demers ***@***.***>: > Reopened #23 <#23>. > > — > You are receiving this because you were mentioned. > Reply to this email directly, view it on GitHub > <#23 (comment)>, or mute > the thread > <https://github.com/notifications/unsubscribe-auth/AOnJVe33Km4pCnfVnPJH3QYbaIeKT3Byks5t0ugKgaJpZM4QSChl> > . > -- C уважением, Игорь Петрашевский. — You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub, or mute the thread.

[bdemers]

The Okta starter should be working with cloud config now as of 0.3.0+

[PradeepKumarAurotfp]

@bdemers - We are using okta spring boot satarter 0.6.0 and I am facing the same issue

[bdemers]

@PradeepKumarAurotfp what props are returned from your config server?

[PradeepKumarAurotfp]

@bdemers - I am able to get the following properties from the vault
mongo properties
spring.data.mongodb.username=${mongodb.username}
spring.data.mongodb.password=${mongodb.password}

okta properties
okta.oauth2.client-id={okta.clientId}

[bdemers]

@PradeepKumarAurotfp no issuer?
Have you tried okta.oauth2.clientId?

[PradeepKumarAurotfp]

@bdemers Thank you, it works for me. What I changed was, I added the properties in vault as you mentioned using following keys and removed the properties from the application.properties file (which were there earlier).

okta.oauth2.clientId
okta.oauth2.issuer

Although it works this way. I am still not able to understand why id does not work for issuer and works for client it when i keep following properties in application.properties

okta.oauth2.clientId=${account.clientId}
okta.oauth2.issuer=${account.issuer}

values saved in vault using key account.clientId and account.issuer

[bdemers]

@PradeepKumarAurotfp thanks for the follow up!

I'll guessing it has to do with the order at which property sources are defined when cloud-config is added (pure speculation though)

[prasadkolasani]

@bdemers This is nice article which is working nice. https://developer.okta.com/blog/2018/04/02/client-creds-with-spring-boot

But my problem is, when I tried same using spring-starter-web (instead of commandliner), then it is always redirecting to login page. Is there any way we can directly authenticate similar to commandLiner instead of redirecting to login page? Please help.

[bdemers]

@prasadkolasani I'm not sure i'm following your question. Your best bet might be to post to our dev forum: https://devforum.okta.com