Background info
Upgraded to spring boot 3 which uses spring security 6, and facing the issue where the following property when set spring.security.oauth2.client.registration.okta.redirect-uri: ${REDIRECT_URL} prevents JSESSIONID being sent (This works as expected with older versions), and application keeps redirecting to /login page.
Expected behavior
Application should have logged in with an authenticated session id after the redirect
What went wrong?
GET /login/oauth2/code/okta?code=xyz&state=xyz HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Cookie: JSESSIONID=ABC123; XSRF-TOKEN=auto-gen Host: localhost:8080
XSRF-TOKEN is set by my application
My Request above gives a response:
with Set-Cookie: XSRF-TOKEN,
where JSESSIONID is missing
Steps to reproduce
add spring.security.oauth2.client.registration.okta:.redirect-uri: ${REDIRECT_URL} in application.yml along with other required properties. (did not test it on a scratch application yet)
SDK Version
3.0.4