I have a spring boot API with a really old UI, and a client that wants to use SSO to authenticate onto our site. I have their Okta clientId, clientSecret, and issuer url. I am extremely new to SSO and hope someone can make a suggestion for best path forward. I am thinking:
1. The client user provides their login credentials via a form on my really old UI. These are POST’d to my API.
2. My API will take those credentials and make some sort of request to Okta.
3. The Okta response will tell me if the auth call was successful, and if so return a JWT (we create) to the UI. If unsuccessful I will return the appropriate call.
The problem I have is I don’t think the UI can actually handle a redirect to Okta and then to our API. So, the best option I see is to have the API treat their form request as a password with Okta being the backer.
Open to ideas here, this feels wrong but I don’t see a way around it.
It looks like they have a few sample apps. The hosted-login-flow sample might match your scenario but it’s using the Okta widget to handle authentication instead.
Thank you Warren, I am reading up on the examples to see if I can use my hybrid approach. I really don’t want the redirect if possible, but maybe I can’t avoid that.
I am struggling here - I eventually created an Okta account, and an application to authenticate. In the code sample above, it asks for three credentials:
issuer (found it as my url)
client-secret (generated apparently)
But I cannot find my client-Id anywhere in that portal. So when I navigate to localhost:8080, I get the redirect and then the error:
Unable to connect to the server. Please check your network connection.
Thank you, apparently I had created the wrong kind of Web app initially. When I get the Okta login dialog by running locally, I get a failure message that it’s unable to connect to the server. In the Chrome Network debugger I see a CORS issue despite setting my trusted origin in my admin API panel.
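As an added illustration of the hosted-login approach Warren points to (and of where the API's own CORS allow-list lives, which is separate from Okta's Trusted Origins), here is a Spring Security configuration that hands sign-in to Okta's hosted page via the OIDC authorization code flow, so the user's password is never posted to the API. This is example code, not the Okta sample or the poster's project; it assumes Spring Boot 3 / Spring Security 6 with okta-spring-boot-starter, the three okta.oauth2.* properties from the thread set in application.properties, and a placeholder origin for the legacy UI.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import java.util.List;

// Added example, not the poster's code or the Okta sample. Assumes Spring Boot 3 /
// Spring Security 6 with okta-spring-boot-starter, and okta.oauth2.issuer,
// okta.oauth2.client-id and okta.oauth2.client-secret set in application.properties.
@Configuration
public class OktaLoginConfig {

    // Origin the legacy UI is served from (assumed placeholder value).
    private static final String LEGACY_UI_ORIGIN = "https://legacy-ui.example.com";

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .cors(Customizer.withDefaults())
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/", "/public/**").permitAll()
                .anyRequest().authenticated())
            // An unauthenticated request is redirected to Okta's hosted sign-in page.
            // The user types the password there, never into this API. Okta sends the
            // browser back to /login/oauth2/code/okta with a one-time code, which
            // Spring exchanges for tokens server-side using the client secret.
            .oauth2Login(Customizer.withDefaults());
        return http.build();
    }

    // Which browser origins may call this API is decided here, on the API. Okta's
    // "Trusted Origins" setting governs the browser's requests to Okta itself.
    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration config = new CorsConfiguration();
        config.setAllowedOrigins(List.of(LEGACY_UI_ORIGIN));
        config.setAllowedMethods(List.of("GET", "POST", "OPTIONS"));
        config.setAllowedHeaders(List.of("Authorization", "Content-Type"));
        config.setAllowCredentials(true);
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", config);
        return source;
    }
}
```

With this in place the old UI only needs to navigate the browser to a protected URL on the API; the redirect to Okta and back is a top-level navigation, not an XHR, so it is not subject to CORS at all.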