Implementing Authorization Code with PKCE flow

We are trying to implement Authorization Code with PKCE flow where our client application is flutter and resource server is springBoot. We are able to mint a token from flutter using flutter_app_auth library correctly. But when we send this token to our backend code and it tries to validate the token with okta using okta-spring-boot-starter we get “Failed to authenticate since the JWT was invalid”.

We are referring to this documentation Implement authorization by grant type | Okta Developer

Please note that we tested the same flow using a “Custom authorization server” on a developer instance and it worked. But when we are trying to use “Org authorization server” for this flow it gives us the above mentioned error.

I needed some clarity on this, if “Custom authorization server” is mandatory for this flow or if there are any modifications we need to make so that it works with with “Org authorization server”.

Thanks!

You will not be able to complete Local Token Validation for an Access Token issued by the Org Authorization Server. If you are protecting your own resource server/back-end with Access Tokens, you will need to use a Custom Authorization Server instead.

More details about this can be found here: Signature Validation Failed on Access Token | Okta Help Center

Hi @andrea
Thank you for the quick response. It will help. I will ask team to get necessary permissions to setup a custom auth server.

Thank You!

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.