How to Build a JavaFX Desktop App with OIDC Authentication
This tutorial shows you how to add OAuth 2.0 authorization and OIDC authentication in a JavaFX desktop app.
Aÿaz Péraçhaa
HI Andrew,
Thanks for a fantastic tutorial. Bravo!!
I have one question. I am able to compile the code and run it.
My user agent is running but giving me a blank screen. I am unable to authenticate with OKTA (I verified my URL is OK, I copied and pasted it in Chrome and its working, the only issue is with user agent):
https://uploads.disquscdn.c…
Can you please give me some idea. Thanks
Matt Raible
I just tried running this example and it worked for me. The only thing that was difficult was I had to use “dev-133320.okta.com” as my oktaDomain in app.properties, with no prefix or suffix. I’m on a Mac though, and it looks like you’re on Windows. I’m guessing you’re using Oracle JDK 8 or the project wouldn’t even compile.
Pierre Tardy
Hello, two questions from a security point of view:
I understand that the redirect URL is localhost. How do you protect against Man in the middle in this case (we don’t control localhost)
How do you protect the secret key in your JFX app?
It looks like any hacker with access to my app will be able to generate a rogue app that steal users bearer token.
Matt Raible
Hello Pierre,
Your first question is a good one. You could try using 127.0.0.1 instead of localhost. In most cases, the end user controls localhost, so I’m not sure “we don’t control localhost” is accurate.
As far as the secret key - you should never distribute one with your app. It should be possible to use authorization code flow with PKCE so you don’t need a client secret. However, the Microsoft library used in this tutorial hasn’t been updated since 2018 so I doubt it supports PKCE.
Ernesto Ivan Contreras Navarro
Did you find the solution to this problem? I’m making a javaFx application that uses okta, but I still get a blank page just like you
Hi
Were you able to resolce this?..it works on Mac but not on Windows. Windows shows blank screen (no username password inputs)
Thanks
Hi Matt
That’s right, it does not work on Windows. I see blank screen with no user name and password field. Please do let me now if you have some feedback.
Thanks
I tried following the instructions and running it on my Mac. There are no username and password fields that show for me (in the app). It does redirect me to Okta to log in and I do see the tokens after this succeeds. Are you getting redirected to Okta?
My settings in app.properties:
oktaDomain=dev-17700857.okta.com
oktaClientId=0oa4u...
oktaClientSecret=97qZvM...
I tried it on Windows 10 (via Parallels) and I can see the issue. It redirects to Okta but doesn’t show the login form. I’m sorry, I don’t know how to fix this.
Has this been addressed or worked around anywhere? Adapting the example given to my own project continues to give a mostly-blank page without login fields when viewed on a Windows machine (in this case, I’m running with OpenJFX 11)
Hello @MattLeidholm,
As far as I know, this example will only work with Oracle’s Java 8.
Every time I submit to the embedded JavaFX browser it just redirects to the Okta admin page, rather than redirecting back to my Java app?
Also how are new users meant to create an account in this webpage, for my app?
I am using jdk-1.8.jdk on MacBook Pro 2021 with latest MacOS
Hmmm, that is quite strange. Can you ensure you’re using the default authorization server? That is, your issuer ends in /oauth2/default? If you’re using an org authorization server, it might not work.
See our documentation for how to setup up self-service registration.
The auth URL I’m hitting does end with .okta.com/oauth2/default/v1/authorize then a load of GET params. Could the problem be related to the fact that if I ‘ping’ my redirectUri in terminal it does not respond?
Answer: Given the microsoft oauth package README (package used in tutorial) says ’ The web browser monitoring feature avoids
1. having to register a redirect URI that points to the local machine (which is sometimes impossible) and
2. hosting a web server on the local machine that would listen for a connection from the web browser.’ probably not
Figured it out! It was cause I was logging in with GitHub. Also why is there no link to create an account in the browser? Is there a way to enable that?
I’m glad to hear you figured it out. If our documentation (linked above) doesn’t work for enabling self-registration, I’d recommend contacting support at developers@okta.com.
Can Okta SSO implementation for a Java 8 desktop app still log an user into the app if there is no internet?
We have an in house Java 8 (using Java FX) desktop Windows app, and we would like to investigate replacing its current login mechanism with SSO using Okta.
We would like the user to be able to sign into their Windows machine, and then be able to open the app without having to provide their username and pw again. The app will then display “Welcome [name of the user]”.
Our question is: if there is an internet disruption (or completely no internet), will Okta still work in logging the user into the app successfully after they have logged into Windows? Our Windows terminals with the app sit at different areas throughout our local territory and sometimes experience internet disruption. Therefore, we know users can log into Windows, but the question remains that if we implement SSO with Okta on this app, we would like to know if they can still log in to the app.”
I have reviewed Tutorial: How to Build a JavaFX Desktop App with OIDC Authentication | Okta Developer, but we still have the question of being able to log in without internet.
Thank you.