Learn how to build an OAuth 2.0 Authorization Server with Spring Boot and Spring Security.
Great post Andrew!
wow, Okta starter just works, and it’s very simple. Thank you for this post!
Great post. One typo on this line:
"That’s your resource server! Not too bad"
It should read:
That’s your auth server!
Thanks for letting us know! Fixed.
On the first example: Always getting 401 Error not authorized.
You might try comparing your code to the example on GitHub. I ran through the tutorial myself and can confirm everything works.
I am getting invalid token Id with Openid client application. After successful login with okta credentials, it gives a login error saying invalid_id_token
I downloaded the example and changed only the client and secret keys…
You need to change the issuer in
application.yml to match your Okta org. Can you please try this and let me know if it helps?
The root cause of the issue was found that my system time had around 2 minute of delay. OAuth validation check was throwing token validity exception.
i have a question. i have implemented the authorization and resource server and my own client spring boot app. The tutorial works. Now i tray to call an other RestController using HttpConnection to get other resources from the server but i get always an unauthorized. Can you help me? For example, If i want to call the /user/me method on my own, how can i implement it?
An other question, this example works without an access token, or?
Would it be possible to how to use a custom login page with Okta as the provider using Spring Security?
You can customize our Sign-In Widget and embed it in a page. For an example, see https://github.com/okta/sam…. If you want to actually customize Spring Security’s Login form and use Okta, capturing the user’s password is an anti-pattern that we don’t recommend.
I’m not sure I understand your question. Can you please ask it on our developer forums. More people will see it there.
[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: 401 Unauthorized
Make sure your issuer ends with “/oauth2/default”. I’ve seen this error happen when you’re using an issuer without this path, or using an invalid client ID.
Venkat naga Sai
I am getting the below exception while i am running the SpringBootOauthClientApplication app as discussed above. can u please tell me what i am missing.
I’d make sure you have the proper values in your application.yml. If you do, maybe you’re using a newer version of Spring Boot? This tutorial works with Spring Boot 2.1. It might not work with 2.2.