Spring 5 Security OAuth2 Login Redirect Loop

The redirect loop happened because the /oauth2/authorization/ endpoint was secured, which triggered going back to the Web API for an access token.

I've updated my configuration to this:

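import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class SpotifySecurityConfig extends WebSecurityConfigurerAdapter {

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            // Public paths, including the OAuth2 authorization endpoint
            // that caused the redirect loop while it was secured.
            .antMatchers("/home", "/login**","/callback/", "/webjars/**", "/error**", "/oauth2/authorization/**")
            .permitAll()
            // Everything else requires an authenticated user.
            .anyRequest()
            .authenticated()
            .and()
            .oauth2Login();
  }
}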

The second issue was that the redirect-uri is the URI to which the Web API will send the access token to Spring, to be used to get the refresh token. I thought it was for a successful login. Spring already has an implementation for handling refresh tokens, but I did not know what endpoint it should use. For some reason, the redirect-uri cannot be blank; there is no default, and I would get this error:

IllegalArgumentException: redirectUriTemplate cannot be empty

To use Spring's refresh token implementation I needed to set the redirect-uri to this:

redirect-uri: '{baseUrl}/login/oauth2/code/{registrationId}'

redirect-uri-template is an alias for redirect-uri (they're the same variable).

I found the redirect-uri in another Stack Overflow post:

authorizationGrantType cannot be null in Spring Security 5 OAuth Client and Spring Boot 2.0
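
For context, an added example (not part of the original answer) of where that redirect-uri line sits in application.yml for a provider that Spring Boot does not preconfigure. The registration id `spotify`, the environment variable names, the scope and the provider endpoint values are assumptions made for this illustration.

```yaml
# Added example; values marked "assumed" are not from the original answer.
spring:
  security:
    oauth2:
      client:
        registration:
          spotify:                                   # assumed registration id
            client-id: ${SPOTIFY_CLIENT_ID}          # assumed env var name
            client-secret: ${SPOTIFY_CLIENT_SECRET}  # keep the secret out of the file
            # Must be set for a non-preconfigured provider; leaving it out
            # is what the linked post's title refers to.
            authorization-grant-type: authorization_code
            # The value from the answer. {baseUrl} and {registrationId} are
            # expanded by Spring at runtime; the expanded URL has to match a
            # redirect URI registered with the provider exactly.
            redirect-uri: '{baseUrl}/login/oauth2/code/{registrationId}'
            scope: user-read-email                   # assumed sample scope
        provider:
          spotify:
            # Assumed provider endpoints; check them against the provider's docs.
            authorization-uri: https://accounts.spotify.com/authorize
            token-uri: https://accounts.spotify.com/api/token
            user-info-uri: https://api.spotify.com/v1/me
            user-name-attribute: id
```

With this registration id, the login flow starts at /oauth2/authorization/spotify, which falls under the /oauth2/authorization/** pattern permitted in the security configuration above.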