A Quick Guide to OAuth 2.0 with Spring Security
Learn how to build an OAuth 2.0 Authorization Server with Spring Boot and Spring Security.
Bjorn Harvold
Great post Andrew!
cloud4288
wow, Okta starter just works, and it’s very simple. Thank you for this post!
Jianjun
Great post. One typo on this line:
"That’s your resource server! Not too bad"
It should read:
That’s your auth server!
Matt Raible
Thanks for letting us know! Fixed.
Jessica Nandal
On the first example: Always getting 401 Error not authorized.
Matt Raible
You might try comparing your code to the example on GitHub. I ran through the tutorial myself and can confirm everything works.
Sajal
I am getting invalid token Id with Openid client application. After successful login with okta credentials, it gives a login error saying invalid_id_token
Jessica Nandal
I downloaded the example and changed only the client and secret keys…
Matt Raible
This happens when you’re using your org’s authorization server at https://dev-123456.okta.com instead of https://dev-123456.okta.com…. Can you try changing it and see if this still happens?
Matt Raible
You need to change the issuer in application.yml to match your Okta org. Can you please try this and let me know if it helps?
Sajal
The root cause of the issue turned out to be that my system time had around 2 minutes of delay. The OAuth validation check was throwing a token validity exception.
koeu
I have a question. I have implemented the authorization and resource server and my own client Spring Boot app. The tutorial works. Now I try to call another RestController using HttpConnection to get other resources from the server, but I always get an unauthorized. Can you help me? For example, if I want to call the /user/me method on my own, how can I implement it?
Another question: this example works without an access token, or?
Evan Hines
Would it be possible to show how to use a custom login page with Okta as the provider using Spring Security?
Matt Raible
You can customize our Sign-In Widget and embed it in a page. For an example, see https://github.com/okta/sam…. If you want to actually customize Spring Security’s Login form and use Okta, capturing the user’s password is an anti-pattern that we don’t recommend.
Matt Raible
I’m not sure I understand your question. Can you please ask it on our developer forums? More people will see it there.
Patrick Shi
still return
[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: 401 Unauthorized
Matt Raible
Hello Patrick,
Make sure your issuer ends with “/oauth2/default”. I’ve seen this error happen when you’re using an issuer without this path, or using an invalid client ID.
Venkat naga Sai
I am getting the below exception while I am running the SpringBootOauthClientApplication app as discussed above. Can you please tell me what I am missing?
Matt Raible
I’d make sure you have the proper values in your application.yml. If you do, maybe you’re using a newer version of Spring Boot? This tutorial works with Spring Boot 2.1. It might not work with 2.2.