How to get authenticated directly in Spring Boot API with oAuth 2 with PKCE

Hello,
We have a React Web App independent from our Spring Boot Api app. We configured our Spring Boot App as a ressource server. And we have succeeded to authenticate to OKTA using oAuth 2 PKCE authorization flow from React SPA.

If we try to access the same endpoints from our Spring Boot App, which by the way has a Swagger inside it, we are not authorized. For example, if we try to access to localhost:3000/getData passing by React SPA we get authenticated by OKTA and get the authorization to access the data from Spring boot API ressource server. But, if we try to access to localhost:8080/getData we get rejected.

  • How can we still be able to access the same endpoints in Spring Boot API (Swagger) ?
  • How can we authenticate with OKTA directly on the backend to our ressource server, but still keeping the ability to connect via React SPA ?

Many thanks for your help

Here’s the solution we have found along with the stackoverflow members okta - Use several spring security configuration and apply them according to the calling url - Stack Overflow