Matt Raible
I’m not sure as I haven’t tried it myself. The best way would likely be to configure your Play app as a resource server (so it just validates the access token), and then have your JavaScript UI send the access token to the backend. You might be able to use our JWT Verifier for Java, but that probably won’t provide integration with the @Secure annotation.
If you’re using the Sign-In Widget because it allows customization, you can do that to the Okta hosted widget as well.