We are integrating Okta to our Grails web application using Authorization Code Flow pattern (with Spring security 5.2.3 Oauth2 libraries).
One of the features we want to implement is multi-factor authentication. After successfully verifying the factor, we end up with a valid sessionToken issued by Okta.
What I want to achieve is using the Okta sessionToken, log the the user in automatically to the web application. But I’m not sure how to achieve that with Spring security. Specially given that Spring generates and validates the state parameter.
Does anyone have any ideas or experience with how to implement this feature with Spring Security?