Get Started with Spring Boot, OAuth 2.0, and Okta

In this tutorial you’ll learn how to integrate Spring Security into a Spring Boot application, plus add authentication with OAuth using the Okta API.

dennisdoubleday

I needed this additional setting in my yml file before this worked:

okta:
  issuer: my-auth-server

If I didn’t have that, I got the error: java.lang.IllegalArgumentException: issuer cannot be empty

I don’t know what the last part of the configuration, userInfoUri, is about, but I left it blank and my login still worked (with the above change).

dennisdoubleday

I also had to force a dependency change to “org.springframework.security.oauth:spring-security-oauth2:2.2.0.RELEASE” from the version 2.0.14.RELEASE that was automatically managed or I got:

java.lang.IllegalStateException: Error processing condition on com.okta.spring.oauth.OktaTokenServicesConfig$LocalTokenValidationConfig.jwtClaimsSetVerifier
Caused by: java.lang.ClassNotFoundException: org.springframework.security.oauth2.provider.token.store.JwtClaimsSetVerifier

dennisdoubleday

Thinking more about this, my project might have been messed up because I started by following Matt’s video on YouTube, but it had different configuration settings and it started with a spring-boot-okta-starter dependency, which I still have but this tutorial doesn’t. They are from the same time, so the different settings here and there are confusing.

Matt Raible

What video are you referring to? You are correct that this blog post does not use the Okta Spring Boot Starter.

Matt Raible

Yes, this is necessary when using the Okta Spring Boot starter with Spring Boot 1.x. It is not required with Spring Boot 2.x.

dennisdoubleday

I apologize, Matt, I didn’t get the alternate configuration from your video. I looked at a lot of things and I misremembered. It actually came from here. https://github.com/okta/okt…

Gnanavel

I am getting the error “Authentication Failed: Invalid token, ‘aud’ claim does not contain the expected audience of: api://default” after the post-login redirect to the URL “http://localhost:8080/authorization-code/callback”. I followed the guide https://developer.okta.com/…. I have added the setting “okta.oauth2.audience=0oa63cq555ckAt3yY1t7” to application.properties. After which I got the error “Authentication Failed: Invalid token, ‘aud’ claim does not contain the expected audience of: 0oa63cq555ckAt3yY1t7”. How do I fix this issue, or how could I ignore the ‘aud’ check? Can someone help me? Thanks in advance!!

Matt Raible

Are you getting this error after trying the code in this tutorial? If not, you should post your question to our Developer Forums. If so, are you using the default authorization server or one you created?

Robert ten Brincke

What are the benefits over using the okta spring boot starter versus the “pure Spring” approach described here?

Brian Demers

Hey @roberttenbrincke!

There are a couple of things:
- Client side access token validation (optional)
- Translating group claims in the access token to Spring GrantedAuthority (optional)
- It also simplifies configuration by using discovery (but so do the later versions of Spring Security OAuth)

The Okta starter just augments the out of the box Spring Security solution. I’d say if you don’t care about either of the first two, or if you are using Spring Boot 2.x, stay with “pure Spring”; otherwise check out the Okta starter!

Charles

Matt Raible, I’m following the exact steps to reproduce your example and I’m getting errors when I try to run spring run helloOAuth.groovy
Do I need to set some environment variables beforehand? I’ve tried opening a case, but it’s taking them a long time to reply.
22:55:51.897 [runner-0] DEBUG org.springframework.boot.context.logging.ClasspathLoggingApplicationListener - Application failed to start with classpath:
22:55:52.690 [runner-0] ERROR org.springframework.boot.SpringApplication - Application run failed
java.lang.IllegalStateException: Failed to load property source from location 'file:./application.yml'

Nishant

Hi Matt, how are you? I am implementing Okta using OIDC (Spring Boot 1.4.2). Can you please help me to close a user’s session from Okta?

Matt Raible

Hello Nishant,

I wrote a blog post last month that shows you how to implement global logout with Spring Boot and Spring Security.

Matt Raible

Hello Charles,

Make sure you have application.yml in the same directory as helloOAuth.groovy. You can also check out the source code on GitHub to see how things are structured. https://github.com/oktadeve…

Charles

Matt,
Thanks for the reply. I finally figured it out… it was so (dumb) simple… I forgot to put a space after the semicolon… Duh… Once I fixed it, it worked like a charm!

Nishant

Thanks Matt :slight_smile: I am trying with the same example.

Nishant

Hi Matt, I need help with the logout issue. I tried the attached code snippet but am still getting the exception below. Could you please help me with this? https://uploads.disquscdn.c… https://uploads.disquscdn.c… https://uploads.disquscdn.c…

Nishant

@mattraible Can you please help me with this issue? Or is it good practice to invoke Okta APIs using an API token?

Matt Raible

You need to do a redirect on your client (using location.href = {Okta logout URL}) and not use XHR to invoke the URL. You can try my example and use your Okta app info. I’m confident it works.