Okta Documentation not clear - How to get access token using Okta SDK

Poonam · February 22, 2022, 3:42pm

Hi,

I am following this page : Implement OAuth for Okta with a service app | Okta Developer and I have reached till the section Create and sign the JWT.

The documentation says : Note: Okta SDKs support creating and signing the JWT and requesting an access token. If you are using an Okta SDK, you can skip this section and the Get an access token section.

Can anyone pls show an example of Java code how this can be done using Okta-java-sdk?

Thanks,
Poonam.

erik · February 23, 2022, 8:56pm

Hello,

You can use one of the below methods to set the private key.

     private String PRIVATE_KEY = "/<path_to_pem>/private.pem";

    Client client = Clients.builder()
            .setOrgUrl("https://" + org)  // e.g. https://dev-123456.okta.com
            .setAuthorizationMode(AuthorizationMode.PRIVATE_KEY)
            .setClientId(clientId)
            .setScopes(new HashSet<>(Arrays.asList("okta.users.manage", "okta.apps.read")))
            .setPrivateKey(privateKey)
            // (or) .setPrivateKey("full PEM payload")
            // (or) .setPrivateKey(Paths.get("/path/to/yourPrivateKey.pem"))
            // (or) .setPrivateKey(inputStream)
            // (or) .setPrivateKey(privateKey)
            .build();

https://github.com/okta/okta-sdk-java#oauth-20

Poonam · February 25, 2022, 9:03pm

Thank you.

I was able to execute a stand along maven project which has only dependency as below and was able to connect to an Okta application and get list of users.

        <artifactId>okta-sdk-api</artifactId>
          <artifactId>okta-sdk-impl</artifactId>
              <artifactId>okta-sdk-httpclient</artifactId>

When I try to include these dependencies in my existing project I get below error.

Caused by: java.lang.SecurityException: class “org.bouncycastle.openssl.PEMException”'s signer information does not match signer information of other classes in the same package
at java.lang.ClassLoader.checkCerts(ClassLoader.java:898) ~[?:1.8.0_121]
at java.lang.ClassLoader.preDefineClass(ClassLoader.java:668) ~[?:1.8.0_121]
at java.lang.ClassLoader.defineClass(ClassLoader.java:761) ~[?:1.8.0_121]
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142) ~[?:1.8.0_121]
at java.net.URLClassLoader.defineClass(URLClassLoader.java:467) ~[?:1.8.0_121]
at java.net.URLClassLoader.access$100(URLClassLoader.java:73) ~[?:1.8.0_121]
at java.net.URLClassLoader$1.run(URLClassLoader.java:368) ~[?:1.8.0_121]
at java.net.URLClassLoader$1.run(URLClassLoader.java:362) ~[?:1.8.0_121]
at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_121]
at java.net.URLClassLoader.findClass(URLClassLoader.java:361) ~[?:1.8.0_121]
at java.lang.ClassLoader.loadClass(ClassLoader.java:424) ~[?:1.8.0_121]
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:331) ~[?:1.8.0_121]
at java.lang.ClassLoader.loadClass(ClassLoader.java:357) ~[?:1.8.0_121]
at org.bouncycastle.openssl.PEMParser.(Unknown Source) ~[bcpkix-jdk15on-1.70.jar:1.70.00.0]

What does this error mean?

I even excluded bcpkix-jdk15on from two dependencies spring-cloud-starter-config and spring-cloud-starter-bus-amqp.