Spring Boot: Solving OAuth2 ERR_TOO_MANY_REDIRECTS [Snippet]

DZone 's Guide to

Spring Boot: Solving OAuth2 ERR_TOO_MANY_REDIRECTS [Snippet]

We take a look at how to solve an issue you may come up against when integrating OAuth 2 with your Spring Boot project.

· Java Zone ·
Free Resource

Problem: When redirecting back to your application after a successful OAuth2 authentication, the following error occurs:

Solution: This error occurs when the redirect URL set under the authorization service (Google, Facebook, etc) is not defined as a permitted URL inside your application.

The permitted URL is the one that can be accessed without authentication.

When the authorization service redirects to a non-permitted URL, the application will redirect back to the authorization service for further authentication. The process enters a loop that doesn't end, causing ERR_TOO_MANY_REDIRECTS to occur.

In order to permit the access to the callback URL with Spring Boot, you need to extend WebSecurityConfigurerAdapter and override the security configuration as follows:

public class ApplicationSecurity extends WebSecurityConfigurerAdapter {

    protected void configure(HttpSecurity http) throws Exception {
            .antMatchers("/", "/login**","/callback/", "/webjars/**", "/error**")


In the above block, we consider /callback our redirect URL, so we permit access to it using permitAll() while we still secure the access for other URLs.

ERR_TOO_MANY_REDIRECTS, WebSecurityConfigurerAdapter, java, oauth 2, spring security, sprint boot

Published at DZone with permission of Hussein Terek , DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}