I am attempting to implement custom login in my Spring Boot application, working from the GitHub example code as my primary login method. I added the security config:
oauth2Login().loginPage("/custom-login")
There are some issues with the controller code:
    public ModelAndView login(HttpServletRequest request,
            @RequestParam(name = "state", required = false) String state,
            @RequestParam(name = "nonce") String nonce) throws MalformedURLException
should probably be:
    public ModelAndView login(HttpServletRequest request,
            @RequestParam(name = "state", required = false, defaultValue="xoxoxo") String state,
            @RequestParam(name = "nonce", required = false) String nonce) throws MalformedURLException
Having made this change and added my origin to the CORS list for the API, I’m able to get to the custom-login page. I enter my username and password, but the flow fails when fetching the token:
https://dev-########.okta.com/oauth2/{audience}/v1/authorize?client_id={clientID}&code_challenge=JDEX3gfssQVU-y0jBat8HdgpTPAX1H-DabxkQh3s4xw&code_challenge_method=S256&prompt=none&redirect_uri=https%3A%2F%2Fwww.example.com%2Fauthorization-code%2Fcallback&response_mode=okta_post_message&response_type=code&sessionToken=20111QWCbK19MBeLqg8-Fr6x2MAMieMxEs-9vC0iw10lAniGV_pw49c&state=xoxoxo&scope=profile%20email%20openid
results in
{"error":"invalid_client","error_description":"Client authentication failed. Either the client or the client credentials are invalid."}
If I remove the loginPage("/custom-login"), the login works. Clearly, some configuration parameter is messed up. Suggestions?