How to validate access token from Java

Hi everyone,

We are using the implicit flow together with a Single Page Application in Okta and can retrieve the access token from the frontend using okta-auth-js, but we are not able to retrieve the user information in the (Java) backend using the token in the following way:

    UserInfoTokenServices tokenServices = new UserInfoTokenServices("https://dev****.oktapreview.com/oauth2/default/v1/userinfo", resource.getClientId());

With this we got an invalid_token exception. Unfortunately, the user information retrieval even failed using Postman.
We double-checked the token using https://jwt.io/ and it was proper.

Can you give us more insight into what we are missing?

Best regards,

Christian

Any details in the exception as to the error?

Can you paste the decoded bits (filtered as you see fit)?

Which version of Spring Boot (and other Okta libs) are you using?

Hello Bdemers,

thanks for your quick reply!

  1. the exception is the following

    error="invalid_token", error_description="MY_ACCESS_TOKEN"
    at org.springframework.boot.autoconfigure.security.oauth2.resource.UserInfoTokenServices.loadAuthentication(UserInfoTokenServices.java:93)

  2. we are using

  • okta-spring-boot-starter version 0.6.1
  • org.springframework.security.oauth version 2.3.3
  • spring-boot-starter-security version 2.0.5

  3. sorry I don’t get what you mean by the decoded bits, can you give some example :)

Best regards,

Christian

I strongly recommend using the latest version 1.1.0.

By decoded bits I mean the JSON output from jwt.io or jsonwebtoken.io
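
The "decoded bits, filtered as you see fit" can also be produced locally. The following is an added example, not code from this thread or from Okta: it base64url-decodes the header and payload of a JWT, leaves out the signature segment, and masks a few claim values. The class name, the list of masked claims and the sample token are assumptions constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.regex.Pattern;

public class JwtDecodedBits {

    // Claims whose string values are masked before sharing (assumed list; adjust as needed).
    private static final Pattern SENSITIVE =
            Pattern.compile("\"(sub|uid|email|cid)\"\\s*:\\s*\"[^\"]*\"");

    /** Base64url-decodes one JWT segment (header or payload) to its JSON text. */
    static String decodeSegment(String segment) {
        // The JDK URL-safe decoder accepts the unpadded form that JWTs use.
        byte[] raw = Base64.getUrlDecoder().decode(segment);
        return new String(raw, StandardCharsets.UTF_8);
    }

    /** Replaces the values of the sensitive string claims with a fixed marker. */
    static String redact(String json) {
        return SENSITIVE.matcher(json).replaceAll("\"$1\":\"<redacted>\"");
    }

    /** Returns header and claims as JSON text; the signature segment is never output. */
    static String decodedBits(String jwt) {
        String[] parts = jwt.trim().split("\\.");
        if (parts.length != 3) {
            throw new IllegalArgumentException(
                    "expected 3 dot-separated segments, got " + parts.length);
        }
        return "header:  " + decodeSegment(parts[0]) + "\n"
             + "payload: " + redact(decodeSegment(parts[1]));
    }

    public static void main(String[] args) {
        // Constructed sample token (not from the thread); its signature is a dummy value.
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String header = "{\"alg\":\"RS256\",\"kid\":\"example-kid\"}";
        String payload = "{\"iss\":\"https://example.invalid/oauth2/default\","
                + "\"aud\":\"api://default\",\"sub\":\"user@example.invalid\",\"exp\":1700000000}";
        String sample = enc.encodeToString(header.getBytes(StandardCharsets.UTF_8)) + "."
                + enc.encodeToString(payload.getBytes(StandardCharsets.UTF_8)) + ".c2lnbmF0dXJl";
        // Pass a real token as the first argument to decode it instead of the sample.
        System.out.println(decodedBits(args.length > 0 ? args[0] : sample));
    }
}
```

This only decodes the token for inspection; it does not verify the signature or check any claim.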