I have a springboot v2.7.18 app with the below okta dependencies:
com.okta.spring
okta-spring-sdk
3.0.6
com.okta.spring
okta-spring-security-oauth2
3.0.6
Added the below into my application.properties
okta.oauth2.issuer=https_//dev-01010101.okta.com/oauth2/43554vn635464
okta.oauth2.client-id=65736b356365v
okta.oauth2.client-secret=h653ujns-gfjh65u8456u56un56u5u564
okta.oauth2.redirect-uri=/authorization-code/callback
The app redirects to Okta login and works without any spring security config, but when I enable security using @EnableWebSecurity and add the below
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/test").permitAll()
.anyRequest().authenticated()
.and()
.oauth2Login();
return http.build();
}
I get an the below error on accessing my application:
Login with OAuth 2.0
[invalid_request] PKCE code challenge is required by the application.
[auth server issuer url printed here]
(localhost:8181/oauth2/authorization/okta)
I have created an OIDC - Web integration app, and added that to my authorization server policies etc.
Please help!!