How to Build a JavaFX Desktop App with OIDC Authentication

This tutorial shows you how to add OAuth 2.0 authorization and OIDC authentication in a JavaFX desktop app.

Aÿaz Péraçhaa

Hi Andrew,

Thanks for a fantastic tutorial. Bravo!!

I have one question. I am able to compile the code and run it.

My user agent is running but giving me a blank screen. I am unable to authenticate with Okta (I verified my URL is OK; I copied and pasted it into Chrome and it's working. The only issue is with the user agent):
https://uploads.disquscdn.c…

Can you please give me some idea? Thanks

Matt Raible

I just tried running this example and it worked for me. The only thing that was difficult was I had to use “dev-133320.okta.com” as my oktaDomain in app.properties, with no prefix or suffix. I’m on a Mac though, and it looks like you’re on Windows. I’m guessing you’re using Oracle JDK 8 or the project wouldn’t even compile.

Pierre Tardy

Hello, two questions from a security point of view:

I understand that the redirect URL is localhost. How do you protect against man-in-the-middle in this case (we don’t control localhost)?

How do you protect the secret key in your JFX app?

It looks like any hacker with access to my app will be able to generate a rogue app that steals users’ bearer tokens.

Matt Raible

Hello Pierre,

Your first question is a good one. You could try using 127.0.0.1 instead of localhost. In most cases, the end user controls localhost, so I’m not sure “we don’t control localhost” is accurate.

As far as the secret key - you should never distribute one with your app. It should be possible to use authorization code flow with PKCE so you don’t need a client secret. However, the Microsoft library used in this tutorial hasn’t been updated since 2018 so I doubt it supports PKCE.
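As an added illustration of the PKCE approach mentioned in the reply above (not part of the original thread, the tutorial, or the Microsoft library): a Java 8 sketch that generates a code verifier and S256 challenge per RFC 7636 and builds the authorization URL and token request body without a client secret. The domain, client ID, redirect URI, and authorization code are placeholders, and the class name is hypothetical.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

public class PkceExample {
    private static final SecureRandom RNG = new SecureRandom();
    private static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();

    // 32 random bytes -> 43-character base64url string (RFC 7636 allows 43 to 128 characters).
    static String newVerifier() {
        byte[] buf = new byte[32];
        RNG.nextBytes(buf);
        return B64URL.encodeToString(buf);
    }

    // S256 method: BASE64URL(SHA-256(ASCII(code_verifier))), without padding.
    static String challengeFor(String verifier) throws Exception {
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        return B64URL.encodeToString(sha256.digest(verifier.getBytes(StandardCharsets.US_ASCII)));
    }

    static String enc(String s) throws Exception {
        return URLEncoder.encode(s, "UTF-8");
    }

    public static void main(String[] args) throws Exception {
        // Placeholders (assumptions): substitute your own Okta domain, client ID and redirect URI.
        String issuer = "https://YOUR_OKTA_DOMAIN/oauth2/default";
        String clientId = "YOUR_CLIENT_ID";
        String redirectUri = "http://127.0.0.1:8080/callback";
        String verifier = newVerifier(); // kept in memory by the app, never shipped in the binary
        String state = newVerifier();    // separate random value; compare it with the state on the redirect

        String authorizeUrl = issuer + "/v1/authorize?response_type=code"
                + "&client_id=" + enc(clientId)
                + "&redirect_uri=" + enc(redirectUri)
                + "&scope=" + enc("openid profile")
                + "&state=" + enc(state)
                + "&code_challenge=" + enc(challengeFor(verifier))
                + "&code_challenge_method=S256";

        // Form body for the token request: code_verifier takes the place of client_secret.
        String tokenBody = "grant_type=authorization_code"
                + "&client_id=" + enc(clientId)
                + "&redirect_uri=" + enc(redirectUri)
                + "&code=" + enc("CODE_FROM_REDIRECT") // placeholder for the returned code
                + "&code_verifier=" + enc(verifier);

        System.out.println(authorizeUrl);
        System.out.println(tokenBody);
    }
}
```

Because the verifier is generated per login and only its hash travels in the authorization request, an intercepted authorization code cannot be redeemed without the verifier held by the app instance that started the flow.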

Ernesto Ivan Contreras Navarro

Did you find the solution to this problem? I’m making a JavaFX application that uses Okta, but I still get a blank page just like you.

Hi
Were you able to resolve this? It works on Mac but not on Windows. Windows shows a blank screen (no username or password inputs).
Thanks

Hi Matt

That’s right, it does not work on Windows. I see a blank screen with no username and password fields. Please do let me know if you have some feedback.

Thanks

I tried following the instructions and running it on my Mac. There are no username and password fields that show for me (in the app). It does redirect me to Okta to log in and I do see the tokens after this succeeds. Are you getting redirected to Okta?

My settings in app.properties:

oktaDomain=dev-17700857.okta.com
oktaClientId=0oa4u...
oktaClientSecret=97qZvM...

I tried it on Windows 10 (via Parallels) and I can see the issue. It redirects to Okta but doesn’t show the login form. I’m sorry, I don’t know how to fix this.

Has this been addressed or worked around anywhere? Adapting the example given to my own project continues to give a mostly-blank page without login fields when viewed on a Windows machine (in this case, I’m running with OpenJFX 11).

Hello @MattLeidholm,

As far as I know, this example will only work with Oracle’s Java 8.

Every time I submit to the embedded JavaFX browser it just redirects to the Okta admin page, rather than redirecting back to my Java app?

Also how are new users meant to create an account in this webpage, for my app?

I am using jdk-1.8.jdk on a MacBook Pro 2021 with the latest macOS.

Hmmm, that is quite strange. Can you ensure you’re using the default authorization server? That is, your issuer ends in /oauth2/default? If you’re using an org authorization server, it might not work.

See our documentation for how to set up self-service registration.

The auth URL I’m hitting does end with .okta.com/oauth2/default/v1/authorize then a load of GET params. Could the problem be related to the fact that if I ‘ping’ my redirectUri in terminal it does not respond?

Answer: Given that the Microsoft OAuth package README (the package used in the tutorial) says “The web browser monitoring feature avoids

1. having to register a redirect URI that points to the local machine (which is sometimes impossible) and
2. hosting a web server on the local machine that would listen for a connection from the web browser.”

probably not.

Figured it out! It was because I was logging in with GitHub. Also, why is there no link to create an account in the browser? Is there a way to enable that?

I’m glad to hear you figured it out. If our documentation (linked above) doesn’t work for enabling self-registration, I’d recommend contacting support at developers@okta.com.