Uploaded image for project: 'PUBLIC - OAuth2'
  1. PUBLIC - OAuth2
  2. OAUTH2-236

Authorization flow breaks if referring to portal by IP not in redirect.url.ips.allowed


    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: Master, 1.1-marketplace_7.1.0
    • Fix Version/s: Master
    • Component/s: None
    • Labels:


      This ticket is to improve the developer experience when needing to access the portal by a different IP than those listed in portal.properties by default:


      For example when running Android simulator in a VM, you can't access the host machine where portal is running through localhost.

      The OAuth 2 authorization flow relies on several redirects, to itself, to complete successfully. And the default configuration would seem ok for that because of SERVER_IP, but it is not.

      From a portal admin perspective it is not intuitive that they need to whitelist all of the portal's own IPs for the product to work.

      To improve this, relative redirection URLs should be used whenever possible.

      Steps to reproduce:

      1. Create/modify portal-ext.properties, with the following to remove any ambiguity about how SERVER_IP might resolve
      2. Start the portal
      3. Create an OAuth2 Application. Enter http://localhost:8080 for callback URI, and select the "Web application" client profile. Ensure "Authorization Code" authorization type is checked. Save. Change Client ID to "myApplication" and Client Secret to "mySecret". Save. Finally assign the application any of the available scopes.
      4. Find or assign an alternative to the portal server host. The easiest way to achieve this is to use the LAN assigned IP of the server.
      5. Let's assume the IP is then go to
      6. You will be prompted to log in, log in with test@liferay.com

      Expected result: You are shown asked to authorize the application access, and that the IP shown in the address bar remains as
      Actual result: You are redirect to




            • Votes:
              0 Vote for this issue
              1 Start watching this issue


              • Created:


                Version Package