Get Started with Spring Boot, OAuth 2.0, and Okta
In this tutorial you’ll learn how to integrate Spring Security into a Spring Boot application, plus add authentication with OAuth using the Okta API.
dennisdoubleday
I needed this additional setting in my yml file before this worked:
okta:
  issuer: my-auth-server
If I didn’t have that, I got the error: java.lang.IllegalArgumentException: issuer cannot be empty
I don’t know what the last part of the configuration, userInfoUri, is about, but I left it blank and my login still worked (with the above change).
dennisdoubleday
I also had to force a dependency change to “org.springframework.security.oauth:spring-security-oauth2:2.2.0.RELEASE” from the version 2.0.14.RELEASE that was automatically managed or I got:
java.lang.IllegalStateException: Error processing condition on com.okta.spring.oauth.OktaTokenServicesConfig$LocalTokenValidationConfig.jwtClaimsSetVerifier
Caused by: java.lang.ClassNotFoundException: org.springframework.security.oauth2.provider.token.store.JwtClaimsSetVerifier
dennisdoubleday
Thinking more about this, my project might have been messed up because I started by following Matt’s video on YouTube, but it had different configuration settings and it started with a spring-boot-okta-starter dependency, which I still have but this tutorial doesn’t. They are from the same time, so the different settings here and there are confusing.
Matt Raible
What video are you referring to? You are correct that this blog post does not use the Okta Spring Boot Starter.
Matt Raible
Yes, this is necessary when using the Okta Spring Boot starter with Spring Boot 1.x. It is not required with Spring Boot 2.x.
dennisdoubleday
I apologize, Matt, I didn’t get the alternate configuration from your video. I looked at a lot of things and I misremembered. It actually came from here. https://github.com/okta/okt…
Gnanavel
I am getting the error “Authentication Failed: Invalid token, ‘aud’ claim does not contain the expected audience of: api://default” post login redirect to the url “http://localhost:8080/authorization-code/callback”. I followed the guide https://developer.okta.com/…. I have added the setting “okta.oauth2.audience=0oa63cq555ckAt3yY1t7” to application.properties. After which I got the error “Authentication Failed: Invalid token, ‘aud’ claim does not contain the expected audience of: 0oa63cq555ckAt3yY1t7”. How to fix this issue or how could I ignore the ‘aud’ check? Can someone help me? Thanks in advance!!
Matt Raible
Are you getting this error after trying the code in this tutorial? If not, you should post your question to our Developer Forums. If so, are you using the default authorization server or one you created?
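The ‘aud’ error quoted above is produced when the resource server compares the token’s aud claim with the audience it has been configured to expect. The following Python is an added illustration, not code from this thread or from Okta’s or Spring’s libraries: it shows that comparison, covering both the single-string and the array form of aud that RFC 7519 permits, with a constructed unsigned token standing in for a real one (a real resource server verifies the signature before it looks at any claim).

```python
import base64
import json


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def jwt_claims(token: str) -> dict:
    """Return the payload claims of a compact JWT (header.payload.signature).

    The signature is NOT verified here; in a real resource server it is
    verified first, and claims are only trusted after that succeeds.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    return json.loads(_b64url_decode(parts[1]))


def audience_matches(claims: dict, expected: str) -> bool:
    """RFC 7519 section 4.1.3: 'aud' is a single string or an array of strings.

    The check passes only if the configured audience is one of them; a missing
    'aud' claim fails closed.
    """
    aud = claims.get("aud")
    if aud is None:
        return False
    if isinstance(aud, str):
        return aud == expected
    return expected in aud


def check_audience(token: str, expected: str) -> str:
    """Reject the token unless its audience matches; return the subject if it does."""
    claims = jwt_claims(token)
    if not audience_matches(claims, expected):
        # Same wording as the error the poster above saw from Spring Security OAuth.
        raise ValueError(
            f"Invalid token, 'aud' claim does not contain the expected audience of: {expected}"
        )
    return claims.get("sub", "")


def make_unsigned_token(claims: dict) -> str:
    """Constructed, unsigned (alg=none) token for this offline demonstration only."""
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."
```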
Robert ten Brincke
What are the benefits over using the okta spring boot starter versus the “pure Spring” approach described here?
Brian Demers
Hey @roberttenbrincke!
There are a couple things:
- Client side access token validation (optional)
- Translating group claims in the access token to Spring GrantedAuthority (optional)
- It also simplifies configuration by using discovery (but so do the later versions of Spring Security OAuth)
The Okta starter just augments the out of the box Spring Security solution. I’d say if you don’t care about either of the first two, or if you are using Spring Boot 2.x stay with “pure Spring”, otherwise check out the Okta starter!
Charles
Matt Raible, I’m following the exact steps to reproduce your example and I’m getting errors when I try to run spring run helloOAuth.groovy
Do I need to set some environment variables beforehand? I’ve tried opening a case, but it’s taking them a long time to reply.
22:55:51.897 [runner-0] DEBUG org.springframework.boot.context.logging.ClasspathLoggingApplicationListener - Application failed to start with classpath:
22:55:52.690 [runner-0] ERROR org.springframework.boot.SpringApplication - Application run failed
java.lang.IllegalStateException: Failed to load property source from location ‘file:./application.yml’
Nishant
Hi Matt, how are you? I am implementing Okta using OIDC (Spring Boot 1.4.2). Can you please help me to close the session of a user from Okta?
Matt Raible
Hello Nishant,
I wrote a blog post last month that shows you how to implement global logout with Spring Boot and Spring Security.
Matt Raible
Hello Charles,
Make sure you have application.yml in the same directory as helloOAuth.groovy. You can also check out the source code on GitHub to see how things are structured. https://github.com/oktadeve…
Charles
Matt,
Thanks for the reply. I finally figured it out… it was so (dumb) simple… I forgot to put a space after the semicolon… Duh… Once I fixed it, it worked like a charm!
Nishant
Thanks Matt, I am trying with the same example.
Nishant
Hi Matt, Need help in logout issue. I tried attached code snippet but still getting below exception. Could you please help me in this? https://uploads.disquscdn.c… https://uploads.disquscdn.c… https://uploads.disquscdn.c…
Nishant
@mattraible Can you please help me with this issue? Or is it good practice to invoke Okta APIs using an API token?
Matt Raible
You need to do a redirect on your client (using location.href = {Okta logout URL}) and not use XHR to invoke the URL. You can try my example and use your Okta app info. I’m confident it works.