Java Spring MVC Auth0 SSO not getting tokens (no Spring Boot)

Question

I'm trying to get SSO up and running. So when I sign in on a different application (on the same auth0 domain) and go to the login page of my application I want my application to automatically log me in.

I managed to get the first parts running and I received an authorization code from auth0. But when I try to retrieve the tokens they are all null.

my redirectuUri and clientSecret are correct and I assume the authorization code returned earlier is correct aswell.

It seems as if the request doesn't return any tokens. They are all null.

Where do I start to find out what's going wrong? Thanks!

public Tokens getTokens(final String authorizationCode, final String redirectUri) {
    Validate.notNull(authorizationCode);
    Validate.notNull(redirectUri);
    System.out.println("Sending request with code to retrieve tokens.");
    final Credentials creds = authenticationAPIClient
            .token(authorizationCode, redirectUri) 
            .setClientSecret(clientSecret).execute();       
    return new Tokens(creds.getIdToken(), creds.getAccessToken(), creds.getType(), creds.getRefreshToken());
}

Answer 1

If using the Auth0 Spring MVC Library (not Spring Security MVC) - then best place to stick a breakpoint would at the top of the Callback Controller's handle method

You can then step through / step in - and inspect what is going on. This method calls getTokens and that delegates to Auth0ClientImpl which is the code block you reference in the question.

Check your ClientId, ClientSecret and Domain are all correct - and if your code is reaching this method - that the code / redirectURI being passed in are also correct. Would check the Auth0 logs from the Dashboard too, and determine if any successful authentication events are recorded.

Finally, please can you confirm which version of auth0-java (maven POM dependency / gradle dependency) you are using - and which version of the auth0-spring-mvc library you are referencing also.

For SSO Specific Examples - plain Spring falls between two stools as I wrote one for plain java and one for Spring Security MVC - but you should get a good idea of what is going on by studying these two samples:

Auth0 Servlet SSO Sample

Auth0 Spring Security SSO Sample

In particular, study the JSP pages since that is where the SSO checks and auto-login logic lives. Ensure too that you enable SSO on the Settings of each of your Clients defined in your Auth0 tenant.

Disclaimer: am the author of the above libraries - please leave me comments below if you still have problems and require any clarifications.