I have integrated Spring WebFlux Security with Okta OIDC login. I am able to log in successfully through the Okta tile or by hitting the application URL. But I am facing a CORS error when I hit logout or when redirecting to the login page.
I have added the application URL in Okta's Trusted Origin (in path Security -> API -> Trusted Origin) but no luck.
Ensure you have properly configured CORS in your Spring Security configuration. In a WebFlux application, this might involve explicitly allowing CORS requests in your security configuration class.
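```java
import java.net.URI;
import java.util.Arrays;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.authentication.logout.RedirectServerLogoutSuccessHandler;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.reactive.CorsConfigurationSource;
import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource;

@Configuration
@EnableWebFluxSecurity
public class SecurityConfig {
    @Bean
    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
        // WebFlux's logout spec has no logoutSuccessUrl(); redirect with a success handler instead
        RedirectServerLogoutSuccessHandler logoutSuccess = new RedirectServerLogoutSuccessHandler();
        logoutSuccess.setLogoutSuccessUrl(URI.create("/")); // Change to your required logout behaviour
        http
            .cors().and() // Enable CORS; picks up the corsConfigurationSource bean below
            .authorizeExchange()
                .pathMatchers("/logout", "/login").permitAll() // Double check these paths aren't authenticated
                .anyExchange().authenticated()
            .and().oauth2Login() // OAuth2 login configuration
            .and().logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccess);
        return http.build();
    }

    // Define the CORS configuration (reactive CorsConfigurationSource, not the servlet one)
    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration corsConfig = new CorsConfiguration();
        // With credentials enabled, list exact origins; "*" is not accepted here
        corsConfig.setAllowedOrigins(Arrays.asList("https://your-okta-domain.com", "http://localhost:3000"));
        corsConfig.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS"));
        corsConfig.setAllowedHeaders(Arrays.asList("Authorization", "Cache-Control", "Content-Type"));
        corsConfig.setAllowCredentials(true);
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", corsConfig);
        return source;
    }
}
```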
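
An added example, not part of the original answer: a standalone check of which preflight requests the CORS policy above admits, using `CorsConfiguration`'s own `checkOrigin`, `checkHttpMethod` and `checkHeaders` methods. The class name `CorsPolicyCheck`, its helper methods and the sample requests are constructed for illustration; it assumes spring-web 5.3 or later on the classpath.

```java
import java.util.Arrays;
import java.util.List;
import org.springframework.http.HttpMethod;
import org.springframework.web.cors.CorsConfiguration;

// Hypothetical helper class (not from the original post).
public class CorsPolicyCheck {

    // Same policy as corsConfigurationSource() in the answer above.
    static CorsConfiguration answerPolicy() {
        CorsConfiguration c = new CorsConfiguration();
        c.setAllowedOrigins(Arrays.asList("https://your-okta-domain.com", "http://localhost:3000"));
        c.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS"));
        c.setAllowedHeaders(Arrays.asList("Authorization", "Cache-Control", "Content-Type"));
        c.setAllowCredentials(true);
        return c;
    }

    // Each check returns null when the policy does not cover the request.
    // checkHeaders returns the allowed subset, so it is null only if no requested header is allowed.
    static boolean preflightAllowed(CorsConfiguration c, String origin,
                                    HttpMethod method, List<String> headers) {
        return c.checkOrigin(origin) != null
                && c.checkHttpMethod(method) != null
                && (headers.isEmpty() || c.checkHeaders(headers) != null);
    }

    static void report(CorsConfiguration c, String origin, HttpMethod method, String... headers) {
        boolean ok = preflightAllowed(c, origin, method, Arrays.asList(headers));
        System.out.printf("%-24s %-6s %-20s -> %s%n",
                origin, method, Arrays.toString(headers), ok ? "allowed" : "rejected");
    }

    public static void main(String[] args) {
        CorsConfiguration policy = answerPolicy();
        // Constructed sample preflights: origins are compared as whole strings (scheme, host, port).
        report(policy, "http://localhost:3000", HttpMethod.POST, "Content-Type");
        report(policy, "http://localhost:3001", HttpMethod.POST, "Content-Type");    // different port
        report(policy, "https://localhost:3000", HttpMethod.POST, "Content-Type");   // different scheme
        report(policy, "http://localhost:3000", HttpMethod.PATCH, "Content-Type");   // method not listed
        report(policy, "http://localhost:3000", HttpMethod.POST, "X-Requested-With"); // header not listed

        // Swapping the origin list for "*" while credentials stay enabled is refused by Spring.
        CorsConfiguration wildcard = answerPolicy();
        wildcard.setAllowedOrigins(Arrays.asList("*"));
        try {
            wildcard.validateAllowCredentials();
        } catch (IllegalArgumentException e) {
            System.out.println("wildcard + credentials: " + e.getMessage());
        }
    }
}
```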