Not able to integrate Springboot web app with Okta

I have a springboot v2.7.18 app with the below okta dependencies:

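<dependency>
    <groupId>com.okta.spring</groupId>
    <artifactId>okta-spring-sdk</artifactId>
    <version>3.0.6</version>
</dependency>
<dependency>
    <groupId>com.okta.spring</groupId>
    <artifactId>okta-spring-security-oauth2</artifactId>
    <version>3.0.6</version>
</dependency>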

Added the below into my application.properties

okta.oauth2.issuer=https_//dev-01010101.okta.com/oauth2/43554vn635464
okta.oauth2.client-id=65736b356365v
okta.oauth2.client-secret=h653ujns-gfjh65u8456u56un56u5u564
okta.oauth2.redirect-uri=/authorization-code/callback

The app redirects to Okta login and works without any spring security config, but when I enable security using @EnableWebSecurity and add the below

@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
    http.authorizeRequests()
        .antMatchers("/test").permitAll()
        .anyRequest().authenticated()
        .and()
        .oauth2Login();
    return http.build();
}

I get the below error on accessing my application:

Login with OAuth 2.0

[invalid_request] PKCE code challenge is required by the application.

[auth server issuer url printed here]
(localhost:8181/oauth2/authorization/okta)

I have created an OIDC - Web integration app, and added that to my authorization server policies etc.

Please help!!

I was able to resolve it by re-writing the config for ClientRegistrationRepository

return CommonOAuth2Provider.OKTA.getBuilder("okta")
    .clientId(clientId)
    .clientSecret(clientSecret)
    .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
    .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
    .scope("openid", "email", "profile")
    .authorizationUri(authUri)
    .tokenUri(tokenUri)
    .userInfoUri(userInfoUri)
    .userNameAttributeName(IdTokenClaimNames.SUB)
    .jwkSetUri(jwkUri)
    .build();

And adding the below to spring security filter chain to enable pkce:

Okta.configureOAuth2WithPkce(http, clientRegistrationRepository);
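
An added example, not part of the posts above and not Okta's code: the filter chain from the question with PKCE switched on through Spring Security's own request resolver, which is one way to get the effect the reply describes. It assumes Spring Security 5.7 (the line that ships with Spring Boot 2.7) and an existing `ClientRegistrationRepository` bean; the class name `PkceSecurityConfig` is hypothetical.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizationRequestResolver;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestCustomizers;
import org.springframework.security.web.SecurityFilterChain;

// Hypothetical class name; targets Spring Security 5.7 (Spring Boot 2.7).
@Configuration
@EnableWebSecurity
public class PkceSecurityConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http,
            ClientRegistrationRepository clientRegistrationRepository) throws Exception {

        // Base URI matches the path shown on the error page in the question:
        // /oauth2/authorization/okta -> registrationId "okta".
        DefaultOAuth2AuthorizationRequestResolver resolver =
                new DefaultOAuth2AuthorizationRequestResolver(
                        clientRegistrationRepository, "/oauth2/authorization");

        // Spring Security 5.7 sends a code_challenge by default only for public
        // clients (client authentication method "none"). This customizer adds
        // code_challenge and code_challenge_method=S256 to the authorization
        // request, and keeps the code_verifier for the token request, for
        // confidential clients (client secret) as well.
        resolver.setAuthorizationRequestCustomizer(
                OAuth2AuthorizationRequestCustomizers.withPkce());

        http.authorizeRequests()
                .antMatchers("/test").permitAll()
                .anyRequest().authenticated()
                .and()
            .oauth2Login()
                .authorizationEndpoint()
                .authorizationRequestResolver(resolver);
        return http.build();
    }
}
```

With this in place the redirect to the authorization server should carry `code_challenge` and `code_challenge_method` query parameters, which can be confirmed in the browser's network tab.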
