Login Redirect Error

Hello. I’m currently learning Okta auth, and I’m trying to use Okta on a simple Spring Boot App, but there are some nebulous details

Following are some of the cofigurations I’ve done so far:



Configuration Adapter:

class OktaOAuth2WebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

    protected void configure(HttpSecurity http) throws Exception {

And a simple endpoint:

@GetMapping(value = "/rewards")
public ResponseEntity<List<ResultDTO>> findAll(){
    return ResponseEntity.ok(resultService.findAll());

Lastly, my sign-in login conf on admin dashboard:

I’m running the server on http://localhost:8082, but there are two things that aren’t clear to me:

  1. When I access http://localhost:8082/oauth2/authorization/okta I receive a bad request (400) response

    • That affects my request on postman, for example, which redirects to: https://dev-8085748.okta.com/oauth2/default/v1/authorize?response_type=code&client_id=xxx&scope=profile%20email%20openid&state=xxx%3D&redirect_uri=http://localhost:8082/login/oauth2/code/okta&nonce=xxx

As you can see I have http://localhost:8082 in my sign-in settings, I’m missing something?

  1. If I configure a redirect_uri in the application.properties file (okta.oauth2.redirect-uri=https://dev-8085748.okta.com, for example) it doesn’t replaces the redirect uri, but adds, resulting in that response:

Is that a bug, or there is a way to replace the redirect_uri completely? How can I set where to redirect?

Ok, so it seems that allowing wildcards didnt work as I expected, adding http://localhost:8082/login/oauth2/code/okta solved my problem with the login.

But I still didnt find out how to deal with the redirect uri.

How are you adding new redirect_uris to your application in Okta? Is the problem you refer to about how you are trying to add an additional redirect_uri, or something else?

By adding


on application.properties

the redirect-uri should be the callback route in your app, for example, our sample applications use the relative path “/authorization-code/callback”

1 Like

gotcha, its not the complete path, thanks

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.