This tutorial shows how to build a CRUD application with Kotlin and React.
I’m getting a 400 bad request when trying to log in in the final step (instead of being directed to the Okta login page). Any ideas?
Does it say that you have an invalid redirect URI? If so, look at what it has for the “redirect_uri” parameter in the address bar, then make sure your app has this value whitelisted as a Login Redirect URI on Okta.
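The check described in the reply above, as an added example that is not part of the original thread or the tutorial's code. It pulls redirect_uri out of an /authorize URL and reports why it fails to match the registered Login Redirect URIs. The function names, the idp.example.com URL and the allowlist values are constructed, and exact string comparison by the authorization server is an assumption.

```javascript
// Added example. The URLs and the allowlist passed in are constructed samples.
// Assumption: the authorization server compares redirect URIs as exact strings.

function stripTrailingSlash(path) {
  return path.endsWith('/') ? path.slice(0, -1) : path;
}

// Extract redirect_uri from the /authorize URL shown in the address bar and
// explain why it does or does not match the registered Login Redirect URIs.
// allowedRedirectUris is expected to hold absolute URLs.
function diagnoseRedirectUri(authorizeUrl, allowedRedirectUris) {
  const sent = new URL(authorizeUrl).searchParams.get('redirect_uri');
  if (sent === null) {
    return { ok: false, sent, reason: 'no redirect_uri parameter' };
  }
  if (allowedRedirectUris.includes(sent)) {
    return { ok: true, sent, reason: 'exact match' };
  }
  let s;
  try {
    s = new URL(sent);
  } catch {
    return { ok: false, sent, reason: 'redirect_uri is not an absolute URL' };
  }
  // Report the nearest miss, since these differ by only a few characters.
  for (const allowed of allowedRedirectUris) {
    const a = new URL(allowed);
    const samePath = a.pathname === s.pathname;
    if (samePath && a.host === s.host && a.protocol !== s.protocol) {
      return { ok: false, sent, reason: `scheme differs from ${allowed}` };
    }
    if (samePath && a.protocol === s.protocol &&
        a.hostname === s.hostname && a.port !== s.port) {
      return { ok: false, sent, reason: `port differs from ${allowed}` };
    }
    if (a.origin === s.origin &&
        stripTrailingSlash(a.pathname) === stripTrailingSlash(s.pathname)) {
      return { ok: false, sent, reason: `trailing slash differs from ${allowed}` };
    }
  }
  return { ok: false, sent, reason: 'not registered' };
}
```

A port mismatch is the case to look for when the React dev server and the Spring Boot app run on different ports and the login request starts from the wrong one.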
Great tutorial! Only thing missing is adding in the spring security dependencies here: https://developer.okta.com/…
The Okta Spring Boot starter will bring in the correct Spring Security dependencies, so you don’t need the first dependency you mention. The spring-security-test library is nice for testing, but there are no tests in this tutorial. If you do use it, you should use testImplementation instead of
Ah, thanks! Must’ve been an IntelliJ syncing dependencies issue. Also, very minor but I found a small bug in the UI code, here’s a PR: https://github.com/oktadeve…
Thank you! I’ll get this post updated and credit you with the fix.
Thanks for the post. In case anyone else hit the same issue I did, the proxy property setting in package.json was not working properly for me. This was causing the API request to the server to fail until I made the changes mentioned here: https://stackoverflow.com/q….
I just tried the instructions in this tutorial (via my handy demo script) and everything worked fine with "proxy": "http://localhost:8080". I suspect you’re trying to do something a bit more complicated. Thanks for the tip!
As soon as I open inside IntelliJ for the first time the build fails immediately, the only display I get is "starting gradle daemon…"
I haven’t seen this error before. Are you creating your app following this tutorial, or cloning the example repo? You might try cloning the repo, configuring it to use your Okta settings, and running ./gradlew bootRun from the command line.
Would be nice to add CSRF support to this sample instead of having to refer to a separate one.
You are right. In my experience, you don’t need CSRF unless you’re on the same domain. Also SameSite cookies might make it so CSRF isn’t necessary.
I recommend checking out JHipster. It allows you to create apps like the one here, but with much less code.
I’m getting an error after clicking the login button: it says user not assigned. Any idea why I’m getting this?
If you used the Okta CLI to create your OIDC app, everything should work as expected. This is because it assigns your app to the Everyone group by default. If you use the Okta Admin Console to create your app, it currently doesn’t assign any groups by default. This should be fixed soon so the console has the same behavior as our CLI.
Can you update to function components and hooks?
No, but we’ll keep it in mind for a future post. In the meantime, you can check out other React posts.
I’m working on a conversion. I can submit a PR if you want?
That’d be great!
Hi Matt, first of all, I love your guides and tutorials, they’ve been incredibly useful to me.
These last few months I’ve been trying to understand OAuth 2.0 with PKCE for optimally securing a React SPA that needs to communicate with a microservice ecosystem (just a couple of services for now), together with Okta for all auth purposes. Up until now, I was almost certain that I needed to implement a BFF pattern with: my SPA, a BFF with Spring Boot where I could securely store the access token, and maintain a secure session cookie between my FE and BFF (so that my SPA could make use of the stored token); then, my microservices would validate the token via introspection to Okta on each call.
Now, I’m afraid I might’ve overcomplicated things, and frustrated that I can’t seem to find what’s appropriate for my application with proper justification. Reading this article I get that I might also be able to just have my SPA talk directly to the microservices, without the need for the BFF pattern, is that correct? Would that be secure enough? If not, was I on the right track before? Once I get the access token, how would you recommend I store it?