Invalid credentials when redirected from okta

Hello,

This is in reference to OAuth2 integration using spring security and okta spring boot starter, where on accessing a rest endpoint, the app is redirected to okta and on successful login there it is redirected back to the app but on the login?error endpoint showing the invalid credentials. No exception or error is seen in the logs for the same but it still fails for this reason.

server.servlet.context-path: /myapp

@Configuration
public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            .csrf().disable()
            .cors().and()
            .authorizeRequests()
            .antMatchers("/login**", "/error**").permitAll()
            .anyRequest()
            .authenticated().and()
            .oauth2Login();
}

/**
 * Allows access to static resources, bypassing Spring security.
 */
@Override
public void configure(WebSecurity web) throws Exception {
    web.ignoring().antMatchers(
            // Vaadin Flow static resources //
            "/VAADIN/**",
            "/vaadinServlet/HEARTBEAT/**",
            "/vaadinServlet/UIDL/**",

            // the standard favicon URI
            "/favicon.ico",

            // the robots exclusion standard
            "/robots.txt",

            // web application manifest //
            "/manifest.webmanifest",
            "/sw.js",
            "/offline-page.html",

            // (development mode) static resources //
            "/frontend/**",

            // (development mode) webjars //
            "/webjars/**",

            // (production mode) static resources //
            "/frontend-es5/**", "/frontend-es6/**");
}
}

Request URL: https://some-domain.com/myapp/login/oauth2/code/okta? 
code=MLGhyN6ZcT_4xItY0KR6&state=MRNSJ599oZt93_15Oy9wCpBtR1xldjpK2xaysVPNHtk%3D
Request Method: GET
Status Code: 302 

location: https://some-domain.com/myapp/login?error

Note - Using Vaadin 8, spring boot 2.2.1, okta-spring-boot-starter-1.3.0, spring-security-oauth2-autoconfigure-2.2.1.

1 Like

have you solved it? me actually having the same issue I am implementing okta oauth2 on spring cloud gateway, everything working fine, while Iā€™m doing a custom-login page with just spring security and spring web

I have also run into this same issue. I was able to host locally and redirect just fine, but when hosting using a cloud provider, I ran into the exact same thing. Let me know if you were able to solve this. Thanks