JHipster, OAuth and the Okta Sign-In Widget

I’ve been looking at setting up a POC-type dev environment that we can use to demo various pieces of the Okta Platform. On the lookout for new things, JHipster and Matt’s involvement made this seem like the obvious choice.

I’ve currently deployed a simplistic app with OIDC auth against Okta. This works fine with the out of the box Okta signin experience. A common scenario is that customer’s will deploy either a fully blown, Okta API-driven authentication experience, or the Okta Sign-In Widget. For the latter, how would I go about getting a simple JHipster app to use an internally hosted (ie. within the same app) widget page, before proceeding with the usual OIDC flow?

Cheers,

Richard

The OIDC support in JHipster leverages Spring Security to do everything. If you want to customize the sign-in experience, you have two options. 1) you can customize the hosted login widget for your org, or 2) you can integrate the Sign-In Widget into your application. If you’d like to do the second option, your best bet is probably to try to use a custom login page within the Angular SDK.

Thanks, Matt. Will give this a try.

Hi Matt,

I was able to configure JHipster and Okta together. When I tried to use the custom login page app, I cannot start my Jhipster app. I get the error:

Factory method ‘clientRegistrationRepository’ threw exception; nested exception is java.lang.IllegalArgumentException: Unable to resolve Configuration with the provided Issuer of “http://localhost:38080/login

The angular/Sign-In Widget is working correctly, after I added localhost:38080 to my CORS settings in the dashboard.

Do I need to create a http://localhost:38080/.well-known/openid-configuration page or is there a way to specify a local login page with the original okta server validation?

Thanks,

– mf

The Sign-In Widget won’t work in a JHipster app unless you do a lot of work to integrate it. All the authentication in JHipster OIDC happens on the server with Spring Security. Moving it to the client will make your app less secure because the tokens will be stored in local storage.