Spring Boot Social Twitter Authentication fails

0
votes

I have a project on Spring Boot, in which I need to implement authorization via Twitter.

What could be simpler? - I asked myself, and then I got stuck for a few days.

The problem is that the most of the libraries I've tried (listening for /connect/twitter or /signin/twitter) return the same response

Invalid cookie header: "set-cookie: personalization_id=""; Expires=Tue, 28 Jul 2020 20:04:39 GMT; Path=/; Domain=.twitter.com". Invalid 'expires' attribute: Tue, 28 Jul 2020 20:04:39 GMT

My attention was attracted by the phrase:

Invalid 'expires' attribute

this can be solved by configuring RestTemplate, but the problem is that it is deeply created in the configurations and hidden by the private final fields. I think that there should exist a decision better than playing with reflection API, I just don't see it

Perhaps someone will be able to suggest the correct way of authorization through Twitter.

Tested Versions:

  • Spring Boot versions from 1.5.14 to 2.0.3
  • org.springframework.social:spring-social-twitter from 1.1.2 to 2.0.0.M4
  • spring-boot-starter-social-twitter up to 2.0.0.M4

P.S. Facebook was perfectly working with spring-security-oauth2-jose and spring-security-oauth2-client, but twitter is not configured as a provider in it

Provider ID must be specified for client registration 'twitter'

2
spring-boottwitter-oauthspring-socialspring-oauth2spring-social-twitter

2 Answers

0
votes

This sounds like you need to configure the RestTemplate to use the standard cookie spec. This could be achieved by setting the cookieSpec on the RequestConfig.Builder and then via the HttpComponentsClientHttpRequestFactory to finally create the RestTemplate. Somethning like:

@Bean
public RestTemplate restTemplate() {
    RequestConfig requestConfig = RequestConfig.custom()
        .setCookieSpec(CookieSpecs.STANDARD)
        .build();
    HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory();
    factory.mergeRequestConfig(requestConfig);

    return new RestTemplate(factory);
}

Sorry, currently I don't have an IDE/javac available so this might not compile.

0
votes

Use this to configure your RestTemplate Bean to use standard cookie specs

@Bean
public RestTemplate restTemplate() {
    return new RestTemplate(getClientHttpRequestFactory());
}

private HttpComponentsClientHttpRequestFactory getClientHttpRequestFactory() {
    HttpComponentsClientHttpRequestFactory clientHttpRequestFactory = new HttpComponentsClientHttpRequestFactory();
    clientHttpRequestFactory.setHttpClient(getHttpClient());
    return clientHttpRequestFactory;
}

private HttpClient getHttpClient() {
    return HttpClients.custom()
            .setDefaultRequestConfig(RequestConfig.custom()
            .setCookieSpec(CookieSpecs.STANDARD).build())
            .build();
}