Okta server side token validation in OIDC

I am using Spring Boot as my resource server and React as my SPA. I made an OIDC app in Okta and am getting the access token from Okta. Then I am sending this token to my Spring Boot resource server, but there I am getting Unauthorized.
My Spring Boot config:

okta.oauth2.issuer= https://navi-2020.okta.com
okta.oauth2.clientId=0oa57fbt3r5I638u94x6
okta.oauth2.audience=0oa57fbt3r5I638u94x6

My React config:
const config = {
  issuer: 'https://navi-2020.okta.com',
  redirectUri: window.location.origin + '/implicit/callback',
  clientId: '0oa57fbt3r5I638u94x6',
  pkce: true
};

My app in Okta:

This is the error I get every time:
Bearer error="invalid_token", error_description="An error occurred while attempting to decode the Jwt: Invalid token", error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"

I have used Okta-spring-boot-starter as my dependency.

It is working fine with this server (with all corresponding config):

But it creates a problem when I am doing the above-mentioned approach.
Please help

Hi @Shubham6541

Access tokens created by the org authorization server cannot be verified locally through a JWT verifier, as the signing keys for them are not present due to RFC restrictions. The only possibility to validate the tokens is by using the /introspect endpoint.

Thanks, it really helped.

How to validate the token using the /introspect endpoint in a Spring Boot application, if I don't have client_secret?
please help.
Thank you.
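
The introspection approach discussed in this thread, as an added example (not code from any poster or from Okta): it derives the introspection endpoint from the configured issuer, builds the RFC 7662 request for a client without a client_secret, and accepts a token only on an explicit active response. The issuer `https://id.example.com`, the client ID, the token and all function names are constructed; sending `client_id` as a query parameter with no Authorization header is an assumption about how a public client calls the endpoint.

```javascript
// Constructed sample: an unsigned token whose only purpose is to carry `iss`.
const b64u = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const constructedToken = (iss) => `${b64u({ alg: 'RS256' })}.${b64u({ iss })}.sig`;

// Read claims WITHOUT verifying the signature. Diagnostic only: this shows
// which authorization server minted the token, never whether to trust it.
function unverifiedClaims(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Okta issuer shapes: org server https://{domain}, custom server
// https://{domain}/oauth2/{id}. Each has its own introspection endpoint.
function introspectionEndpoint(issuer) {
  const u = new URL(issuer);
  if (u.protocol !== 'https:') throw new Error('issuer must be https');
  const path = u.pathname.replace(/\/+$/, '');
  if (path === '') return `${u.origin}/oauth2/v1/introspect`;
  if (/^\/oauth2\/[^/]+$/.test(path)) return `${u.origin}${path}/v1/introspect`;
  throw new Error('unrecognised issuer path');
}

// RFC 7662 request for a public client. Assumption: client_id travels as a
// query parameter and no Authorization header is sent (no client_secret).
function buildIntrospection(configuredIssuer, clientId, jwt) {
  const { iss } = unverifiedClaims(jwt);
  if (iss !== configuredIssuer) throw new Error(`unexpected issuer: ${iss}`);
  const url = new URL(introspectionEndpoint(configuredIssuer));
  url.searchParams.set('client_id', clientId);
  return {
    method: 'POST',
    url: url.toString(),
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: new URLSearchParams({ token: jwt, token_type_hint: 'access_token' }).toString(),
  };
}

// Fail closed: accept only an explicit active === true that has not expired.
function isAccepted(resp, now = Math.floor(Date.now() / 1000)) {
  if (resp === null || typeof resp !== 'object' || resp.active !== true) return false;
  return resp.exp === undefined || (typeof resp.exp === 'number' && resp.exp > now);
}
```

The returned object maps directly onto any server-side HTTP client; pass the parsed JSON response to `isAccepted` before authorizing the request.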
