I have integrated Spring webflux security to Okta OIDC login. I am able to login successfully through okta tile or hitting application URL. But I am facing CORS when I hit on logout or redirecting to login page.
I have added the application URL in Okta’s Trusted Origin(in path Security ->. API-> Trusted Origin) but no luck.
Are you using the /logout endpoint? As it does not support CORS. You must redirect the browser to this endpoint to complete logout.
Ensure you have properly configured CORS in your Spring Security configuration. In a WebFlux application, this might involve explicitly allowing CORS requests in your security configuration class.
@EnableWebFluxSecurity
public class SecurityConfig {
@Bean
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
http
.cors().and() // Enable CORS and configure below
.authorizeExchange()
.pathMatchers("/logout", "/login").permitAll() // Double check these paths aren't authenticated
.anyExchange().authenticated()
.and().oauth2Login() // OAuth2 login configuration
.and().logout().logoutUrl("/logout").logoutSuccessUrl("/"); // Change to your required logoutbehaviour
return http.build();
}
// Define the CORS configuration
@Bean
public CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration corsConfig = new CorsConfiguration();
corsConfig.setAllowedOrigins(Arrays.asList("https://your-okta-domain.com", "http://localhost:3000"));
corsConfig.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS"));
corsConfig.setAllowedHeaders(Arrays.asList("Authorization", "Cache-Control", "Content-Type"));
corsConfig.setAllowCredentials(true);
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", corsConfig);
return source;
}
}