Okta - Add User details&token info to security context

I have implemented the Okta sign-in widget with JavaScript (@okta/okta-signin-widget). Now I can see all user and token info in localStorage as okta-cache-storage and okta-token-storage. I want to set the same in the Spring Security context (basically, I want to retain the same info for the resource server). I know there are some APIs which I can trigger from the resource server, but I am looking for an effective way that can be called only once. Thanks for the help.

I can see two ways of doing this. 1) You create a bunch of claims that you stuff in your access token. On the Spring side of things, you parse those claims and update the authenticated user. 2) You look up the user’s information on the Spring side using the access token and the /userinfo endpoint.

In the end, I think #2 is the best long-term solution. However, I’ve only implemented #1 myself.


Thanks, that hint was helpful. I used the config below and now get the claim info in the security context.
user-info-uri: https://dev-***.okta.com/oauth2/default/v1/userinfo
'spring-security-oauth2-autoconfigure', version: '2.0.0.RELEASE'
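
As an added illustration (not code from this thread), here is a minimal resource server for the /userinfo approach settled on above, showing where the claims end up in the Spring Security context. The class name, the /whoami route and the choice of "sub" as the principal are assumptions; it expects the security.oauth2.resource.user-info-uri property to point at the /userinfo URL from the post.

```java
// Added example. Assumes Spring Boot 2.0.x with spring-security-oauth2-autoconfigure
// 2.0.0.RELEASE and security.oauth2.resource.user-info-uri set to the /userinfo URL.
import java.util.LinkedHashMap;
import java.util.Map;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.security.oauth2.resource.PrincipalExtractor;
import org.springframework.context.annotation.Bean;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@SpringBootApplication
@EnableResourceServer
@RestController
public class ResourceServerApplication {

    public static void main(String[] args) {
        SpringApplication.run(ResourceServerApplication.class, args);
    }

    // Assumption: use the OIDC "sub" claim from /userinfo as the principal name.
    @Bean
    public PrincipalExtractor principalExtractor() {
        return claims -> claims.get("sub");
    }

    // Hypothetical endpoint that reads the claims back out of the security context.
    @GetMapping("/whoami")
    public Map<String, Object> whoami() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        Map<String, Object> out = new LinkedHashMap<>();
        out.put("principal", auth.getName());
        if (auth instanceof OAuth2Authentication) {
            Authentication user = ((OAuth2Authentication) auth).getUserAuthentication();
            // UserInfoTokenServices stores the /userinfo response map as the details.
            if (user != null && user.getDetails() instanceof Map) {
                Map<?, ?> claims = (Map<?, ?>) user.getDetails();
                out.put("email", claims.get("email")); // null unless the token has the email scope
                out.put("name", claims.get("name"));
            }
        }
        return out;
    }
}
```

With this setup the resource server validates the bearer token by calling /userinfo on each request that carries one, so the lookup is not a one-time call.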