Spring Security - Google OAuth 2.0 - UnknownHostException www.googleapis.com

12/30/2019

I've implemented Google oauth login based on this tutorial: https://www.callicoder.com/spring-boot-security-oauth2-social-login-part-1/

It is working correctly when app is run locally. However, after deploying it on GKE, I'm unable to log in - flow fails with the following error:

error: [invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: I/O error on POST request for "https://www.googleapis.com/oauth2/v4/token": www.googleapis.com; nested exception is java.net.UnknownHostException: www.googleapis.com

Which comes from OAuth2AccessTokenResponseClient.

As I said before, it's working fine when run on localhost and I'm unable to debug it. The app is deployed with Ingress using a static IP. I've assigned that IP to my domain very recently. The domain is registered in Google APIs Authorised redirect URIs.

-- Adrian
google-kubernetes-engine
google-oauth2
oauth-2.0
spring-security
spring-security-oauth2

2 Answers

12/31/2019

The problem was that the kube-dns pods didn't come up. I set up a preemptible cluster and added a taint to its only node pool. That prevented kube-dns from starting:

Normal   NotTriggerScaleUp  61s (x22798 over 2d18h)  cluster-autoscaler  pod didn't trigger scale-up (it wouldn't fit if a new node is added): 1 node(s) had taints that the pod didn't tolerate
Warning  FailedScheduling   44s (x141 over 26h)      default-scheduler   0/1 nodes are available: 1 node(s) had taints that the pod didn't tolerate.

After removing the taint, the hostname got resolved.

-- Adrian
Source: StackOverflow
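
An added example (not part of the original answer): a check that reproduces the scheduler's taint/toleration matching to show which taints keep a Pending kube-dns pod off every node. The node name, pod name and the `dedicated=app` taint are constructed sample data shaped like `kubectl ... -o json` output.

```python
import json

# Constructed sample data, shaped like `kubectl get nodes -o json` and
# `kubectl -n kube-system get pods -l k8s-app=kube-dns -o json`.
# The taint "dedicated=app" and all names are made-up placeholders.
NODES = json.loads("""{"items": [{"metadata": {"name": "pool-1-node-a"},
  "spec": {"taints": [{"key": "dedicated", "value": "app", "effect": "NoSchedule"}]}}]}""")
PODS = json.loads("""{"items": [{"metadata": {"name": "kube-dns-abc"},
  "status": {"phase": "Pending"},
  "spec": {"tolerations": [
    {"key": "CriticalAddonsOnly", "operator": "Exists"},
    {"key": "node.kubernetes.io/not-ready", "operator": "Exists", "effect": "NoExecute"}]}}]}""")

def tolerates(tol, taint):
    """Kubernetes toleration matching rules for a single taint."""
    if tol.get("effect") and tol["effect"] != taint["effect"]:
        return False
    op = tol.get("operator", "Equal")
    if not tol.get("key"):
        return op == "Exists"  # empty key + Exists tolerates every taint
    if tol["key"] != taint["key"]:
        return False
    return op == "Exists" or tol.get("value", "") == taint.get("value", "")

def blocking_taints(pod, node):
    """Taints on the node that keep the pod from being scheduled there."""
    tols = pod["spec"].get("tolerations", [])
    return [t for t in node["spec"].get("taints", [])
            if t["effect"] in ("NoSchedule", "NoExecute")  # PreferNoSchedule is soft
            and not any(tolerates(tol, t) for tol in tols)]

def unschedulable_report(pods, nodes):
    """Map each Pending pod to {node: [blocking taints]} when no node accepts it."""
    report = {}
    for pod in pods["items"]:
        if pod["status"].get("phase") != "Pending":
            continue
        blocked = {n["metadata"]["name"]: blocking_taints(pod, n) for n in nodes["items"]}
        if blocked and all(blocked.values()):
            report[pod["metadata"]["name"]] = {
                n: [f'{t["key"]}={t.get("value", "")}:{t["effect"]}' for t in ts]
                for n, ts in blocked.items()}
    return report

if __name__ == "__main__":
    print(json.dumps(unschedulable_report(PODS, NODES), indent=2))
```

Against a live cluster, replace the two constants with the parsed output of the `kubectl` commands named in the comment; an empty report means taints are not what is keeping the DNS pods Pending.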

12/31/2019

Google APIs use the OAuth 2.0 protocol for authentication and authorization. Google supports common OAuth 2.0 scenarios such as those for web server, installed, and client-side applications. Please have a look at this link.

We can follow the below steps for obtaining OAuth 2.0 access tokens.
Step 1: Generate a code verifier and challenge
Step 2: Send a request to Google's OAuth 2.0 server
Step 3: Google prompts user for consent
Step 4: Handle the OAuth 2.0 server response
Step 5: Exchange authorization code for refresh and access tokens

-- Nazmul Haque
Source: StackOverflow