Hello Team,
I am trying to establish authorization between a web application (non OKTA) and spring boot resource server and followed the approach in below links, get bad request when trying to get access token from web application.
RSAPrivateKeySpec rsaKey = new RSAPrivateKeySpec(new BigInteger(1, Base64.getUrlDecoder()
.decode("rII5ofpQRVZw2ZSCDqBGHxsHsWfukjp1")),
new BigInteger(1,Base64.getUrlDecoder().decode("hAnA***GoQ")));
KeyFactory factory = KeyFactory.getInstance("RSA");
PrivateKey privateKey = factory.generatePrivate(rsaKey);
String jwt = Jwts.builder()
.setAudience(<Dev OKTA Custom Server>)
.setIssuedAt(Date.from(now))
.setExpiration(Date.from(now.plus(5L, ChronoUnit.MINUTES)))
.setIssuer("0x7")
.setSubject("0o4x7")
.setId(UUID.randomUUID().toString())
.signWith(privateKey)
.compact();
// Rest call
MultiValueMap<String, String> headers = new LinkedMultiValueMap<>();
headers.set("Content-Type", "application/x-www-form-urlencoded");
headers.set("Accept", "application/json");
MultiValueMap<String, String> body = new LinkedMultiValueMap<>();
body.set("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
body.set("grant_type", "client_credentials");
body.set("client_assertion", jwt);
body.set("scope", "okta.users.read");
HttpEntity<MultiValueMap<String, String>> entity = new HttpEntity<>(body, headers);
ResponseEntity<String> response = restTemplate.exchange(<OKTA Dev Custom Server Token URL>,HttpMethod.POST, entity, String.class);
//
kindly support and also correct me if my understanding is wrong.
Thank you