Got Error message login with admin User :Invalid User

Questions OAuth/OIDC
1

Hi I am new to the Okta, I’m trying to do Okta login with OIDC+ Oauth2.0+Spring boot
Javascript code below shown here and server code not added below
var loginForm = {

    initlogin: function() {
        //this.loginFormSubmission();
        //this.loginFormEvent();
        var config = {};

config.baseUrl = /[[${oktaBaseUrl}]]/ ‘https://dev-78807276.okta.com/’;
config.clientId = /[[${oktaClientId}]]/ ‘0oa5r4fjjf5id9Q9k5d7’;
config.redirectUri = /[[${#httpServletRequest.scheme + ‘://’ + #httpServletRequest.serverName + ‘:’+#httpServletRequest.serverPort+#httpServletRequest.contextPath} + ${redirectUri}]]/ ‘http://localhost:8080’;
config.logo = ‘/images/mercury-logo.png’;
config.authParams = {
issuer: /[[${issuerUri}]]/ ‘https://dev-73943093.okta.com/oauth2/default’,
responseType: ‘code’,
state: /[[${state}]]/ ‘{state}’ || false,
scopes: /[[${scopes}]]/ [“openid”,“email”],
display: ‘page’
};

var baseUrl = ‘https://dev-78807276.okta.com/’;
//var oktaSignIn = new OktaSignIn({baseUrl: baseUrl});

new OktaSignIn(config).renderEl(
{ el: ‘#okta-login-container’ },
function (res) {
if (res.status === ‘SUCCESS’) {
console.log(‘User %s succesfully authenticated %o’, res.user.profile.login, res.user);
res.session.setCookieAndRedirect(‘https://dev-73943093.okta.com/’);
}
});

and I added server code also
I got the widget but I am unable to login to Okta login page
Please help me to resolve my issue.

2

What’s the exact error you’re getting back and do you see it rendered in the widget or in the browser console/network tab?

3

Hi @andrea ,
Thank you for response, I didn’t any error msg in my eclipse console and browser console few exceptions
I add Widget shown below and server code below and browser side console error

image
image1903×973 50.6 KB

@GetMapping(value = “/okta-custom-login”)
public ModelAndView login(@RequestParam(“state”) String state) throws MalformedURLException {

    String issuer = oktaOAuth2Properties.getIssuer();
    // the widget needs the base url, just grab the root of the issuer
    String orgUrl = new URL(new URL(issuer), "/").toString();

    ModelAndView mav = new ModelAndView("login");
    mav.addObject(STATE, state);
    mav.addObject(SCOPES, oktaOAuth2Properties.getScopes());
    mav.addObject(OKTA_BASE_URL, orgUrl);
    mav.addObject(OKTA_CLIENT_ID, oktaOAuth2Properties.getClientId());
    // from ClientRegistration.redirectUriTemplate, if the template is change you must update this
    mav.addObject(REDIRECT_URI, "http://localhost:8080");
    mav.addObject(ISSUER_URI, issuer);
    return mav;
}

and

@Configuration
static class OAuth2SecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers(HttpMethod.GET,"/okta-custom-login", "/css/okta.css").permitAll()
                .anyRequest().authenticated()
            .and().oauth2Client()
            .and().oauth2Login();
    }
}

browser console

image
image1917×551 63.2 KB

4

Hi @andrea ,

Browser Console

image
image1906×899 74.2 KB

image
image1920×1012 63.8 KB

image
image1920×604 61.1 KB

Network tab Response below screen shot

image
image1917×539 46.2 KB

In Eclipse console there is no error’s

5

we are follw the redirect uri is /authorization-code/callback is that correct? or wrong?

6

A 401 from /authn implies that the user creds are invalid.

Can you log the user into Okta directly with the credentials you’re providing? Is the user in question a local Okta user, or are they coming in from an external identity provider (i.e. a Federated or Social user)?