Custom hosted Sign-in widget using Spring Security


I have built a application supposed to replace Okta widget to authenticate and register people into the tenant. On login it has to redirect to another application (or okta tenant)
It is using Java Spring Boot and Vaadin framework for the front-end part.

I could use the API to get authorization code then the access_token but I want to use spring security which has embedded function that I know will be more efficient and secure.

My issue is that I don’t use Okta’s widget at all and I can’t find any exemple (or didn’t understand them maybe?) to simply use user credential to authenticate to Okta.

If anyone has any tips, documentation or example I can rely on that would be perfect !

You can use Spring Security with our Okta Spring Boot starter. By default, it redirects to Okta to authenticate. If you want to contact our API directly (and not redirect the user), then you won’t be using OIDC.

Want to see how it works? This post/video should help.


I’ve already used Okta Spring Boot starter to secure an app by redirecting to Okta’s sign in widget, on that part I do understand how it works.

Here I’m trying to simply authenticate a user using a non Okta login form hosted on a webapp then on success redirect to another application.

For now I didn’t understand how to achieve this using the Okta Spring Boot starter to do this. I’m currently using the API to make a request to https://{{okta_tenant}}/api/v1/authn get the session Token using a Native APp in Okta and here I’m stuck with 2 options :

  1. Using the {{url}}/login/sessionCookieRedirect endpoint → request succeed but still redirects to Okta’s Sign in page
  2. Using [Overview | Okta Developer](Retrieving a session cookie via OpenID Connect Authorization Endpoint ) → Getting 404

Also my second app is waiting for OAuth2 authentication