Spring Boot and OIDC login with Gitpod

Question

I'm trying to get a Spring Boot app running on Gitpod that I can log in to with OpenID Connect (OIDC). I'm using @oktadev/auth0-spring-boot-passkeys-demo from GitHub. Everything works fine when I run it locally.

I have it working so it redirects back to my app after logging in to Auth0. However, the code-for-token exchange after that fails. The error in my Auth0 Dashboard says "Unauthorized":

{
  "date": "2024-01-12T19:43:09.157Z",
  "type": "feacft",
  "description": "Unauthorized",
  "connection_id": "",
  "client_id": null,
  "client_name": null,
  "ip": "34.105.96.106",
  "user_agent": "Other 0.0.0 / Linux 6.1.66",
  "details": {
    "code": "******************************************N29"
  },
  "hostname": "dev-06bzs1cu.us.auth0.com",
  "user_id": "",
  "user_name": "",
  "auth0_client": {
    "name": "okta-spring-security",
    "env": {
      "spring": "6.1.2",
      "java": "21.0.1",
      "spring-boot": "3.2.1",
      "spring-security": "6.2.1"
    },
    "version": "3.0.6"
  },
  "log_id": "90020240112194309196948000000000000001223372061311523769",
  "_id": "90020240112194309196948000000000000001223372061311523769",
  "isMobile": false,
  "id": "90020240112194309196948000000000000001223372061311523769"
}

In my browser, it says:

[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: 401 Unauthorized: [no body]

I enabled trace logging for Spring Security in application.properties:

logging.level.org.springframework.security=trace

It shows the following error:

2024-01-13T18:57:37.442Z DEBUG 3391 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy        : Securing GET /oauth2/authorization/okta
2024-01-13T18:57:37.442Z TRACE 3391 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy        : Invoking DisableEncodeUrlFilter (1/16)
2024-01-13T18:57:37.442Z TRACE 3391 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy        : Invoking WebAsyncManagerIntegrationFilter (2/16)
2024-01-13T18:57:37.442Z TRACE 3391 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderFilter (3/16)
2024-01-13T18:57:37.442Z TRACE 3391 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy        : Invoking HeaderWriterFilter (4/16)
2024-01-13T18:57:37.442Z TRACE 3391 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy        : Invoking CorsFilter (5/16)
2024-01-13T18:57:37.442Z TRACE 3391 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy        : Invoking CsrfFilter (6/16)
2024-01-13T18:57:37.442Z TRACE 3391 --- [nio-8080-exec-7] o.s.security.web.csrf.CsrfFilter         : Did not protect against CSRF since request did not match CsrfNotRequired [TRACE, HEAD, GET, OPTIONS]
2024-01-13T18:57:37.442Z TRACE 3391 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy        : Invoking LogoutFilter (7/16)
2024-01-13T18:57:37.442Z TRACE 3391 --- [nio-8080-exec-7] o.s.s.w.a.logout.LogoutFilter            : Did not match request to Ant [pattern='/logout']
2024-01-13T18:57:37.442Z TRACE 3391 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationRequestRedirectFilter (8/16)
2024-01-13T18:57:37.443Z DEBUG 3391 --- [nio-8080-exec-7] o.s.s.web.DefaultRedirectStrategy        : Redirecting to https://dev-06bzs1cu.us.auth0.com/authorize?response_type=code&client_id=r6jm3HVTz12YmxRCdZ1rWTZNQST7gEvz&scope=profile%20email%20openid&state=x86P_R-kX3LczSA-n_gDDgY8sFPOijhJHb6QMsf8E5E%3D&redirect_uri=http://8080-oktadev-auth0springboot-j691oeruapd.ws-us107.gitpod.io/login/oauth2/code/okta&nonce=t3KqIkXDRcY8RUDab4GtMSN-EZJrqyJJOJinXhyhAk8
2024-01-13T18:57:37.443Z TRACE 3391 --- [nio-8080-exec-7] o.s.s.w.header.writers.HstsHeaderWriter  : Not injecting HSTS header since it did not match request to [Is Secure]
2024-01-13T18:57:57.562Z TRACE 3391 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@2e4eda17, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@7b5021d1, org.springframework.security.web.context.SecurityContextHolderFilter@6fbf5db2, org.springframework.security.web.header.HeaderWriterFilter@50cdfafa, org.springframework.web.filter.CorsFilter@6befbb12, org.springframework.security.web.csrf.CsrfFilter@794240e2, org.springframework.security.web.authentication.logout.LogoutFilter@37d3e140, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@2b441e56, org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter@4662752a, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@3ab595c8, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@21d9cd04, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@57cabdc3, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@75bd28d, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@799f354a, org.springframework.security.web.access.ExceptionTranslationFilter@70d4f672, org.springframework.security.web.access.intercept.AuthorizationFilter@760f1081]] (1/1)
2024-01-13T18:57:57.562Z DEBUG 3391 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy        : Securing GET /login/oauth2/code/okta?code=8t5psmw2cbb3OMfxTmyEwt5L343UvUGCQOgoEVP6h6FLu&state=x86P_R-kX3LczSA-n_gDDgY8sFPOijhJHb6QMsf8E5E%3D
2024-01-13T18:57:57.562Z TRACE 3391 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy        : Invoking DisableEncodeUrlFilter (1/16)
2024-01-13T18:57:57.562Z TRACE 3391 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy        : Invoking WebAsyncManagerIntegrationFilter (2/16)
2024-01-13T18:57:57.562Z TRACE 3391 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderFilter (3/16)
2024-01-13T18:57:57.562Z TRACE 3391 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy        : Invoking HeaderWriterFilter (4/16)
2024-01-13T18:57:57.562Z TRACE 3391 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy        : Invoking CorsFilter (5/16)
2024-01-13T18:57:57.562Z TRACE 3391 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy        : Invoking CsrfFilter (6/16)
2024-01-13T18:57:57.562Z TRACE 3391 --- [nio-8080-exec-8] o.s.security.web.csrf.CsrfFilter         : Did not protect against CSRF since request did not match CsrfNotRequired [TRACE, HEAD, GET, OPTIONS]
2024-01-13T18:57:57.562Z TRACE 3391 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy        : Invoking LogoutFilter (7/16)
2024-01-13T18:57:57.562Z TRACE 3391 --- [nio-8080-exec-8] o.s.s.w.a.logout.LogoutFilter            : Did not match request to Ant [pattern='/logout']
2024-01-13T18:57:57.562Z TRACE 3391 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationRequestRedirectFilter (8/16)
2024-01-13T18:57:57.563Z TRACE 3391 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy        : Invoking OAuth2LoginAuthenticationFilter (9/16)
2024-01-13T18:57:57.563Z TRACE 3391 --- [nio-8080-exec-8] o.s.s.authentication.ProviderManager     : Authenticating request with OAuth2LoginAuthenticationProvider (1/3)
2024-01-13T18:57:57.563Z TRACE 3391 --- [nio-8080-exec-8] o.s.s.authentication.ProviderManager     : Authenticating request with OidcAuthorizationCodeAuthenticationProvider (2/3)
2024-01-13T18:57:57.815Z DEBUG 3391 --- [nio-8080-exec-8] .s.a.DefaultAuthenticationEventPublisher : No event was found for the exception org.springframework.security.oauth2.core.OAuth2AuthenticationException
2024-01-13T18:57:57.815Z TRACE 3391 --- [nio-8080-exec-8] .s.o.c.w.OAuth2LoginAuthenticationFilter : Failed to process authentication request

org.springframework.security.oauth2.core.OAuth2AuthenticationException: [invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: 401 Unauthorized: [no body]
        at org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider.getResponse(OidcAuthorizationCodeAuthenticationProvider.java:178) ~[spring-security-oauth2-client-6.2.1.jar:6.2.1]
        at org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider.authenticate(OidcAuthorizationCodeAuthenticationProvider.java:146) ~[spring-security-oauth2-client-6.2.1.jar:6.2.1]
        at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:182) ~[spring-security-core-6.2.1.jar:6.2.1]
        at org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter.attemptAuthentication(OAuth2LoginAuthenticationFilter.java:196) ~[spring-security-oauth2-client-6.2.1.jar:6.2.1]
        at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:231) ~[spring-security-web-6.2.1.jar:6.2.1]
        at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:221) ~[spring-security-web-6.2.1.jar:6.2.1]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1]
        at org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter.doFilterInternal(OAuth2AuthorizationRequestRedirectFilter.java:181) ~[spring-security-oauth2-client-6.2.1.jar:6.2.1]
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.2.jar:6.1.2]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1]
        at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:107) ~[spring-security-web-6.2.1.jar:6.2.1]
        at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:93) ~[spring-security-web-6.2.1.jar:6.2.1]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1]
        at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:117) ~[spring-security-web-6.2.1.jar:6.2.1]
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.2.jar:6.1.2]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1]
        at org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:91) ~[spring-web-6.1.2.jar:6.1.2]
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.2.jar:6.1.2]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1]
        at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90) ~[spring-security-web-6.2.1.jar:6.2.1]
        at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75) ~[spring-security-web-6.2.1.jar:6.2.1]
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.2.jar:6.1.2]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1]
        at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:82) ~[spring-security-web-6.2.1.jar:6.2.1]
        at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:69) ~[spring-security-web-6.2.1.jar:6.2.1]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1]
        at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62) ~[spring-security-web-6.2.1.jar:6.2.1]
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.2.jar:6.1.2]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1]
        at org.springframework.security.web.session.DisableEncodeUrlFilter.doFilterInternal(DisableEncodeUrlFilter.java:42) ~[spring-security-web-6.2.1.jar:6.2.1]
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.2.jar:6.1.2]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.2.1.jar:6.2.1]
        at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:233) ~[spring-security-web-6.2.1.jar:6.2.1]
        at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:191) ~[spring-security-web-6.2.1.jar:6.2.1]
        at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:113) ~[spring-web-6.1.2.jar:6.1.2]
        at org.springframework.web.servlet.handler.HandlerMappingIntrospector.lambda$createCacheFilter$3(HandlerMappingIntrospector.java:195) ~[spring-webmvc-6.1.2.jar:6.1.2]
        at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:113) ~[spring-web-6.1.2.jar:6.1.2]
        at org.springframework.web.filter.CompositeFilter.doFilter(CompositeFilter.java:74) ~[spring-web-6.1.2.jar:6.1.2]
        at org.springframework.security.config.annotation.web.configuration.WebMvcSecurityConfiguration$CompositeFilterChainProxy.doFilter(WebMvcSecurityConfiguration.java:225) ~[spring-security-config-6.2.1.jar:6.2.1]
        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:352) ~[spring-web-6.1.2.jar:6.1.2]
        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:268) ~[spring-web-6.1.2.jar:6.1.2]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[tomcat-embed-core-10.1.17.jar:10.1.17]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[tomcat-embed-core-10.1.17.jar:10.1.17]
        at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) ~[spring-web-6.1.2.jar:6.1.2]
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.2.jar:6.1.2]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[tomcat-embed-core-10.1.17.jar:10.1.17]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[tomcat-embed-core-10.1.17.jar:10.1.17]
        at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) ~[spring-web-6.1.2.jar:6.1.2]
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.2.jar:6.1.2]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[tomcat-embed-core-10.1.17.jar:10.1.17]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[tomcat-embed-core-10.1.17.jar:10.1.17]
        at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) ~[spring-web-6.1.2.jar:6.1.2]
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.2.jar:6.1.2]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[tomcat-embed-core-10.1.17.jar:10.1.17]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[tomcat-embed-core-10.1.17.jar:10.1.17]
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:167) ~[tomcat-embed-core-10.1.17.jar:10.1.17]
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90) ~[tomcat-embed-core-10.1.17.jar:10.1.17]
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:482) ~[tomcat-embed-core-10.1.17.jar:10.1.17]
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:115) ~[tomcat-embed-core-10.1.17.jar:10.1.17]
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93) ~[tomcat-embed-core-10.1.17.jar:10.1.17]
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) ~[tomcat-embed-core-10.1.17.jar:10.1.17]
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:340) ~[tomcat-embed-core-10.1.17.jar:10.1.17]
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:391) ~[tomcat-embed-core-10.1.17.jar:10.1.17]
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) ~[tomcat-embed-core-10.1.17.jar:10.1.17]
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:896) ~[tomcat-embed-core-10.1.17.jar:10.1.17]
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1744) ~[tomcat-embed-core-10.1.17.jar:10.1.17]
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52) ~[tomcat-embed-core-10.1.17.jar:10.1.17]
        at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) ~[tomcat-embed-core-10.1.17.jar:10.1.17]
        at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) ~[tomcat-embed-core-10.1.17.jar:10.1.17]
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-embed-core-10.1.17.jar:10.1.17]
        at java.base/java.lang.Thread.run(Thread.java:1583) ~[na:na]
Caused by: org.springframework.security.oauth2.core.OAuth2AuthorizationException: [invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: 401 Unauthorized: [no body]
        at org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient.getResponse(DefaultAuthorizationCodeTokenResponseClient.java:99) ~[spring-security-oauth2-client-6.2.1.jar:6.2.1]
        at org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient.getTokenResponse(DefaultAuthorizationCodeTokenResponseClient.java:78) ~[spring-security-oauth2-client-6.2.1.jar:6.2.1]
        at org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient.getTokenResponse(DefaultAuthorizationCodeTokenResponseClient.java:56) ~[spring-security-oauth2-client-6.2.1.jar:6.2.1]
        at org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider.getResponse(OidcAuthorizationCodeAuthenticationProvider.java:172) ~[spring-security-oauth2-client-6.2.1.jar:6.2.1]
        ... 70 common frames omitted
Caused by: org.springframework.web.client.HttpClientErrorException$Unauthorized: 401 Unauthorized: [no body]
        at org.springframework.web.client.HttpClientErrorException.create(HttpClientErrorException.java:106) ~[spring-web-6.1.2.jar:6.1.2]
        at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:183) ~[spring-web-6.1.2.jar:6.1.2]
        at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:137) ~[spring-web-6.1.2.jar:6.1.2]
        at org.springframework.web.client.ResponseErrorHandler.handleError(ResponseErrorHandler.java:63) ~[spring-web-6.1.2.jar:6.1.2]
        at org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:932) ~[spring-web-6.1.2.jar:6.1.2]
        at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:881) ~[spring-web-6.1.2.jar:6.1.2]
        at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:721) ~[spring-web-6.1.2.jar:6.1.2]
        at org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient.getResponse(DefaultAuthorizationCodeTokenResponseClient.java:92) ~[spring-security-oauth2-client-6.2.1.jar:6.2.1]
        ... 73 common frames omitted

I've tried changing from using the Okta Spring Boot starter to spring-boot-starter-oauth2-client (with Spring Security properties). The same error happens, so I'm pretty sure it's related to Gitpod. It is able to connect to Auth0 on startup. I know this because I fat-fingered the issuer and it fails to start when it's invalid.

Answer 1

I was curious with Gitpod and created this repo to try it.

It worked like a charm. As mentioned in the comment to your question, you probably forgot to configure the spring.security.oauth2.client.* properties correctly.

In the case of the repo above, I hardcoded the client-id in porperties.yaml but used a VScode launch configuration to avoid persisting the client-secret in Github repo. When using this launch configuration in Gitpod (and after adding the valid redirect URI with container name to Auth0), the user login works and the template displays the user subject.