A Quick Guide to OAuth 2.0 with Spring Security

Learn how to build an OAuth 2.0 Authorization Server with Spring Boot and Spring Security.

Bjorn Harvold

Great post Andrew!

cloud4288

Wow, the Okta starter just works, and it’s very simple. Thank you for this post!

Jianjun

Great post. One typo on this line:
"That’s your resource server! Not too bad"

It should read:
That’s your auth server!

Matt Raible

Thanks for letting us know! Fixed.

Jessica Nandal

On the first example: always getting a 401 error, not authorized.

Matt Raible

You might try comparing your code to the example on GitHub. I ran through the tutorial myself and can confirm everything works.

Sajal

I am getting an invalid token ID with the OpenID client application. After a successful login with Okta credentials, it gives a login error saying invalid_id_token.

Jessica Nandal

I downloaded the example and changed only the client and secret keys…

Matt Raible

This happens when you’re using your org’s authorization server at https://dev-123456.okta.com instead of https://dev-123456.okta.com…. Can you try changing it and see if this still happens?

Matt Raible

You need to change the issuer in application.yml to match your Okta org. Can you please try this and let me know if it helps?

Sajal

The root cause of the issue was that my system time had around a 2 minute delay. The OAuth validation check was throwing a token validity exception.

koeu

I have a question. I have implemented the authorization and resource server and my own client Spring Boot app. The tutorial works. Now I try to call another RestController using HttpConnection to get other resources from the server, but I always get an unauthorized. Can you help me? For example, if I want to call the /user/me method on my own, how can I implement it?
Another question: this example works without an access token, right?

Evan Hines

Would it be possible to show how to use a custom login page with Okta as the provider using Spring Security?

Matt Raible

You can customize our Sign-In Widget and embed it in a page. For an example, see https://github.com/okta/sam…. If you want to actually customize Spring Security’s Login form and use Okta, capturing the user’s password is an anti-pattern that we don’t recommend.

Matt Raible

I’m not sure I understand your question. Can you please ask it on our developer forums? More people will see it there.

Patrick Shi

Still returns:
[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: 401 Unauthorized

Matt Raible

Hello Patrick,

Make sure your issuer ends with “/oauth2/default”. I’ve seen this error happen when you’re using an issuer without this path, or using an invalid client ID.
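The two troubleshooting points from this thread (an issuer that must end in /oauth2/default, and a host clock that is too far off for token time validation) turned into a resource-server JWT configuration, as an added example that is not code from the post or from the Okta starter; it assumes Spring Security 5.2 or later, the JWKS path under the issuer and the startup issuer check are assumptions, and the Okta starter already performs its own issuer and audience validation.

```java
import java.time.Duration;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtIssuerValidator;
import org.springframework.security.oauth2.jwt.JwtTimestampValidator;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;

@Configuration
public class ResourceServerJwtConfig {

    // okta.oauth2.issuer is the property the Okta starter reads from application.yml,
    // e.g. https://dev-123456.okta.com/oauth2/default (org host is a placeholder).
    @Bean
    public JwtDecoder jwtDecoder(@Value("${okta.oauth2.issuer}") String issuer) {
        // Fail at startup rather than on the first request: an issuer without the
        // authorization-server path is the misconfiguration behind the 401 and
        // invalid_token_response errors reported above. (Added check, not part of
        // the starter.)
        if (!issuer.endsWith("/oauth2/default")) {
            throw new IllegalStateException(
                "okta.oauth2.issuer must end with /oauth2/default, got: " + issuer);
        }

        // Assumption: the signing keys are published at <issuer>/v1/keys. Fetching
        // the JWK set directly keeps the example short; discovery via the OIDC
        // metadata endpoint would also work.
        NimbusJwtDecoder decoder =
            NimbusJwtDecoder.withJwkSetUri(issuer + "/v1/keys").build();

        // Check exp/nbf with an explicit 60 second skew window (Spring Security's
        // default) and pin the iss claim to the configured issuer. A host whose
        // clock is two minutes off still fails validation, as in the comment above;
        // the right fix is to synchronize that host's clock, not to widen the window.
        OAuth2TokenValidator<Jwt> validator = new DelegatingOAuth2TokenValidator<>(
            new JwtTimestampValidator(Duration.ofSeconds(60)),
            new JwtIssuerValidator(issuer));
        decoder.setJwtValidator(validator);
        return decoder;
    }
}
```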

Venkat naga Sai

I am getting the below exception while I am running the SpringBootOauthClientApplication app as discussed above. Can you please tell me what I am missing?

Matt Raible

I’d make sure you have the proper values in your application.yml. If you do, maybe you’re using a newer version of Spring Boot? This tutorial works with Spring Boot 2.1. It might not work with 2.2.