I have a Java spring boot based backend application that is expected to support a local authentication(DaoAuthenticationProvider) as well as OKTA (OidcAuthorizationCodeAuthenticationProvider). The Authentication object for local auth contains JWT & some claims. As part of OKTA integration, I configured spring security with “oauth2Login()” to support OKTA authentication which provides a JSESSIONID instead of JWT. The default convertor “createAuthenticationResult” strips off the access & ID tokens. I would like to define a custom Authentication object so as to coexist with current local authentication flow.
I am using the OKTA redirect approach instead of the embedded widget approach.
Any help would be appreciated.