Does your resource server provide any logs? Also what does your issuer look like? Is it https://yourOrg.okta.com or https://yourOrg.okta.com/oauth2/default?
I am the author of the service, it’s basically a plain spring boot service.
Not sure what you mean by issuer.
the app for the spring boot service looks like this:
APPLICATION
Application name
MyStravaStats
Application type
Web
Allowed grant types
Client acting on behalf of itself
Client Credentials
Client acting on behalf of a user
Authorization Code
Implicit (Hybrid)
Allow ID Token with implicit grant type
Allow Access Token with implicit grant type
## LOGIN
Login redirect URIs
http://localhost:8080/login/oauth2/code/okta
https://oidcdebugger.com/debug
http://localhost:4200/redirect
http://localhost:4200/implicit/callback
https://frontend-svc-dxfkonrad.cloud.okteto.net/login/oauth2/code/okta
https://frontend-svc-dxfkonrad.cloud.okteto.net/redirect
https://frontend-svc-dxfkonrad.cloud.okteto.net/implicit/callback
https://backend-svc-dxfkonrad.cloud.okteto.net/login/oauth2/code/okta
Logout redirect URIs
http://localhost:4200
https://frontend-svc-dxfkonrad.cloud.okteto.net/
Login initiated by
App Only
Initiate login URI
http://localhost:8080/login/oauth2/code/okta
Yup, that would do it. The token you send to your resource server should be using the Default Authorization server if that’s the authorization server your resource server is validating against. Sounds like you will need to update your Angular app to use the same issuer as the one your resource server is configured to use.
the readme said also something about adding a config.json which I did and I also added this issuer there.
however, I still see the issuer as “https://dev-933944.okta.com/oauth2/default” in the providerConfiguration just before firing the request in SyncSessionClientImpl.createAuthorizedRequest.
so where does the wrong value come from? is it a bug? or maybe should I change the discoveryuri or org_URL and add the oauth2/default suffix?
Btw, I struggle to call the authorize endpoint from postman, getting an html file, maybe some parameters are wrong…
So your API/resource server and your front-end is configured to use the Default Authorization Server? And, yes, if you are referring to our okta-oidc-android library, you should make sure the discoveryUri includes /default in the path. Your mileage may vary with other libraries/SDKs, so double check the applicable reference doc to be sure you’re setting it as needed.
I’d be curious if you can find out if a manually generated token can be successfully used to access your API, because that at would likely point to a config issue on the native application.
The authorize call is usually handled through browser redirects, and that’s usually why one has trouble with it in Postman/curl. If you’re testing getting a token in Postman, you may want to check out this article that tells you how to find the authorization_code/token returned when you use the responseMode form_post.
wow, Andreas, efharisto, when I already got an intense trauma with okta (again) you kind of initially saved the day, I changed the discovery url to oktadomain + oauth2/default and I see the data coming thru… now I only get a serialization error, I see the json data.
the error I’m getting is:
Value [{“trackId”:“1wA0XArOz9iG8-fDo_RPGO1yigJ69pUcY”,“fileName”:“Lange_Samstagsausfahrt.gpx”,“providerId”:“GDrive”},{“trackId”:“0BxqyEHf6g8vyMDZzUHhHMHFldWM”,“fileName”:“Indidishiminimal.gpx”,“providerId”:“GDrive”}] of type org.json.JSONArray cannot be converted to JSONObject
a quick remedy to that? I mean, it’s a perfectly valid use case that a REST API returns an array, no?
thank you in advance.
And again, is there an elegant replacement to the authorizedRequest method as it seems to be declared obsolete?
Ah, I’ve run into a limitation like this with authorizedRequest before.
As making external calls to an API are not part of the OIDC specifications, we determined that adding more flexibility to the authorizedRequest method (so that it can be used in more use cases) was out of scope for this SDK, and have made authorizedRequest obsolete accordingly. But like you said, totally reasonable that your API is returning a JSON array (many calls to Okta’s APIs do as well).
These days we suggest using Android’s HttpURLConnection or OkHttp so that you can set the parameters as needed, so you may want to check the sample code snippets we have in our guide for how to pass in your access token in your Authorization header.
Hi Andreas,
sounds legit. I’ll test whether it works for me - thank you.
Thank you for your swift and competent help, btw I finally understood the concept of app, before I thought that one app has to cover all scenarios of access to a service which made me struggle a lot.