Thomas
Very nice demo, Matt. I was wondering why you created an application in Okta for both the SPA and the Spring Boot API? From my understanding of OIDC/OAuth2, wouldn’t the SPA application on Okta be enough and then set the properties in the Spring Boot app as the issuer and clientId?
Maybe I’m not quite understanding how it all works. I thought the login would return an access token (and refresh token if requested) which would be sent as a Bearer token to the API, which can validate the token validity because it knows the clientId and issuer? I don’t see what role the Spring Boot Okta app would play in this process?