Create API in Java Spring Boot

Hi there,

I’m planning to ask users to log in to my web application, and after that I would like to manually approve which of them can get access to the API using an access_token. If I understand correctly, they first need to log in to my “Okta Web Application”, and then I can provide them access to another application, this time an “Okta Service Application”. I built two applications as mentioned in the example and tried to sign in as a customer. When I signed in to the Okta Web Application, everything worked well and I was able to log in and see this user in my Admin Dashboard. However, I couldn’t understand how to enable this user to get access to the Okta Service Application. My expectation was that I would be able to share with him, through Okta, a new client_id + secret_id so he can create a new token for himself. However, I added this user to almost every existing group, but from the user’s side (a customer, meaning not an Admin) I always see the message “You don’t have any apps.” Any idea what I can do, or what I am doing wrong?

Thanks in advance,
Ofir

Hi @otahor

By default, OpenID Connect applications are not displayed on the end-user dashboard, in order not to bind them to a specific authorization server and have standardized state and nonce values.

If you would like to have the application displayed on the end-user dashboard, then I would recommend having a generic endpoint that initiates the SSO to Okta (for example https://example.com/sso/okta) and adding it as a Bookmark application in Okta. This application would need to be assigned to the same users that have access to the OpenID Connect application.

Once the users click on the bookmark application, they will be redirected to your generic endpoint and, from there, the authorization flow will begin.
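
One way to build the generic endpoint described in the answer above, as an added example that is not part of the original thread and not Okta's own code. It assumes Spring Boot 3 with `spring-boot-starter-oauth2-client` and a client registration named `okta`; the `/sso/okta` path mirrors the example URL in the answer, and the class names are hypothetical.

```java
// Assumed application.properties entries (placeholders, not values from the thread):
//   spring.security.oauth2.client.registration.okta.client-id=<CLIENT_ID>
//   spring.security.oauth2.client.registration.okta.client-secret=<CLIENT_SECRET>
//   spring.security.oauth2.client.registration.okta.scope=openid,profile
//   spring.security.oauth2.client.provider.okta.issuer-uri=<ISSUER_URI>
import java.security.Principal;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                // The bookmark target must be reachable without a session,
                // because its only job is to start the login.
                .requestMatchers("/sso/okta").permitAll()
                .anyRequest().authenticated())
            // Registers /oauth2/authorization/{registrationId}, which builds the
            // authorization request with a fresh state (and nonce for OIDC) per login.
            .oauth2Login(Customizer.withDefaults());
        return http.build();
    }
}

@Controller
class SsoBookmarkController {

    // URL to configure in the Okta Bookmark application.
    @GetMapping("/sso/okta")
    String startSso(Principal principal) {
        if (principal != null) {
            return "redirect:/"; // already signed in, skip a second round trip
        }
        // Fixed, server-side redirect target: no user-supplied URL is followed.
        return "redirect:/oauth2/authorization/okta";
    }
}
```

Because the redirect target is a constant and the state and nonce are generated server-side on each visit, the bookmark URL itself carries no per-user or per-request secrets.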