Authorization Code POST call not working (?)

[lemonboston]

Hi,

I've run the services locally and tested many calls from the tutorial successfully but the POST call for Authorization Code is not working for me. Or maybe I do something incorrectly.
I get a 307 redirect to the error page, and my assumption is that the redirect would point to the login page first.

The request - response:

POST /oauth2/code HTTP/1.1
Content-Length: 124
Host: localhost:6881
Content-Type: application/x-www-form-urlencoded

response_type=code&client_id=f7d42348-c647-4efb-a52d-4c5787421e72&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fauthorization

HTTP/1.1 307
status: 307
access-control-allow-headers: Content-Type
access-control-allow-headers: WWW-Authenticate
access-control-allow-headers: Authorization
server: L
location: https://localhost:6881/error
date: Tue, 17 Apr 2018 17:06:17 GMT
access-control-allow-credentials: true
content-length: 0
access-control-allow-methods: GET
access-control-allow-methods: POST
access-control-allow-methods: PUT
access-control-allow-methods: DELETE
access-control-max-age: 3600

I would also appreciate any help, tips on how to debug or investigate issues effectively in these services.
Is there a way to connect with remote debug from IntelliJ? I haven't found one.
I've also checked the logs (console and the log files) and I didn't see the entries from Undertow code. Is that how it is supposed to be?
(I am not up to speed with logback yet.. if there is simple snippet for the config that would simply direct everything to the console, I would be grateful for it.)

Browsing the code, this is the section in io.undertow.security.impl.FormAuthenticationMechanism that I would suspect that handles the relevant logic, but I didn't see those SECURITY_LOGGER logs printed:

    public ChallengeResult sendChallenge(final HttpServerExchange exchange, final SecurityContext securityContext) {
        if (exchange.getRequestPath().endsWith(postLocation) && exchange.getRequestMethod().equals(Methods.POST)) {
            UndertowLogger.SECURITY_LOGGER.debugf("Serving form auth error page %s for %s", loginPage, exchange);
            // This method would no longer be called if authentication had already occurred.
            Integer code = servePage(exchange, errorPage);
            return new ChallengeResult(true, code);
        } else {
            UndertowLogger.SECURITY_LOGGER.debugf("Serving login form %s for %s", loginPage, exchange);

            // we need to store the URL
            storeInitialLocation(exchange);
            // TODO - Rather than redirecting, in order to make this mechanism compatible with the other mechanisms we need to
            // return the actual error page not a redirect.
            Integer code = servePage(exchange, loginPage);
            return new ChallengeResult(true, code);
        }
    }

Thanks in advance for any input on this.

[stevehu]

@lemonboston The post request is not completed at the moment as it is pretty much needed to integrate with customers authentication providers. For example, Active Directory, Azure or customer database etc. As there is no container in the framework, you debug it just like a plain java application. Here is the document for debugging.

https://doc.networknt.com/tutorial/common/debug/idea/

[lemonboston]

@stevehu Thank you. I've taken it to gitter - I've realized that's a better place for this question, please feel free to close this issue.

[stevehu]

This needs to be implemented for some integration use cases.