For my dev setup I have a fully working spring boot web app in which security is working correctly using the okta-spring-boot-starter with the following configurations:
Upon login I get a 404 because the url that is being redirected to follows this pattern: https://{organization}.okta.com/v1/authorize?response_type=code&client_id=#####
If I manually add /oauth2 before v1 then the flow continues working properly and I'm able to log in to the application, e.g.: https://{organization}.okta.com/oauth2/v1/authorize?response_type=code&client_id=#####
I'm led to believe this is an issue with the way the okta-spring-boot-starter is working. I have a different Angular SPA app set up in the organization that also uses just https://{organization}.okta.com as the issuer, and that one ends up creating the correct redirect URL of https://{organization}.okta.com/oauth2/v1/authorize?response_type=code&client_id=#####
Going to https://{organization}.okta.com/.well-known/oauth-authorization-server also shows the correct URLs there.
Does anyone know of a change I need to do or a fix for this issue?
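The post above contrasts two ways a client can arrive at the authorize and token URLs: appending `/v1/authorize` to the configured issuer, or reading them from the `/.well-known/oauth-authorization-server` document. The following is an added example (not code from the thread, the Okta starter, or Okta) that shows why those two diverge for the Org Authorization Server but agree for a custom authorization server, and what a client should check before trusting the metadata: that the `issuer` field equals the configured issuer, and that every endpoint stays on the issuer's https origin. The two discovery documents are constructed for the example, with `example-org` standing in for a real Okta org name, and the function names are my own.

```python
import json
from urllib.parse import urlsplit

# Constructed sample discovery documents. The field names follow RFC 8414
# (the shape served at /.well-known/oauth-authorization-server); the org name
# "example-org" is a placeholder, not a real tenant.
ORG_AS_METADATA = json.dumps({
    "issuer": "https://example-org.okta.com",
    "authorization_endpoint": "https://example-org.okta.com/oauth2/v1/authorize",
    "token_endpoint": "https://example-org.okta.com/oauth2/v1/token",
    "jwks_uri": "https://example-org.okta.com/oauth2/v1/keys",
})
CUSTOM_AS_METADATA = json.dumps({
    "issuer": "https://example-org.okta.com/oauth2/default",
    "authorization_endpoint": "https://example-org.okta.com/oauth2/default/v1/authorize",
    "token_endpoint": "https://example-org.okta.com/oauth2/default/v1/token",
    "jwks_uri": "https://example-org.okta.com/oauth2/default/v1/keys",
})

ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint", "jwks_uri")


def naive_endpoints(issuer):
    """Endpoints guessed by string concatenation, the pattern the thread describes.

    This is the behaviour that produces https://{org}.okta.com/v1/authorize
    (and 404s) when the issuer is the bare Org Authorization Server."""
    base = issuer.rstrip("/")
    return {
        "authorization_endpoint": base + "/v1/authorize",
        "token_endpoint": base + "/v1/token",
    }


def endpoints_from_metadata(configured_issuer, metadata_json):
    """Endpoints taken from the discovery document after validating it.

    Rejects the document if its issuer does not match what was configured, or
    if any endpoint would send the browser or the client secret to a different
    origin than the issuer's."""
    meta = json.loads(metadata_json)
    configured = configured_issuer.rstrip("/")
    if meta.get("issuer") != configured:
        raise ValueError(
            f"issuer mismatch: configured {configured!r}, "
            f"metadata says {meta.get('issuer')!r}"
        )
    origin = urlsplit(configured)
    for key in ENDPOINT_KEYS:
        url = meta.get(key)
        if not url:
            raise ValueError(f"metadata missing {key}")
        parts = urlsplit(url)
        if parts.scheme != "https" or parts.netloc != origin.netloc:
            raise ValueError(f"{key} {url!r} is not on the issuer's https origin")
    return {key: meta[key] for key in ENDPOINT_KEYS}


def issuer_accepted(configured_issuer, metadata_json):
    """True when the configured issuer is consistent with the discovery document."""
    try:
        endpoints_from_metadata(configured_issuer, metadata_json)
        return True
    except ValueError:
        return False


def compare(configured_issuer, metadata_json):
    """Map each endpoint where concatenation and discovery disagree to the
    (guessed, discovered) pair; an empty dict means both approaches agree."""
    guessed = naive_endpoints(configured_issuer)
    discovered = endpoints_from_metadata(configured_issuer, metadata_json)
    return {k: (guessed[k], discovered[k]) for k in guessed if guessed[k] != discovered[k]}


if __name__ == "__main__":
    # Org Authorization Server: the issuer is the bare domain, so concatenation
    # drops the /oauth2 segment that discovery supplies.
    print(compare("https://example-org.okta.com", ORG_AS_METADATA))
    # Custom authorization server: the issuer already carries /oauth2/<id>, so
    # both approaches produce the same URLs.
    print(compare("https://example-org.okta.com/oauth2/default", CUSTOM_AS_METADATA))
    # Configuring https://{org}.okta.com/oauth2 as the issuer fails validation
    # because the Org AS metadata reports the bare domain as its issuer.
    print(issuer_accepted("https://example-org.okta.com/oauth2", ORG_AS_METADATA))
```

Running it shows both mismatched endpoints for the Org Authorization Server, no mismatches for the custom server, and a rejected issuer for the `/oauth2` variant, which is the same set of outcomes the thread walks through. The issuer and origin checks matter because a client that trusts an unvalidated discovery document would happily send the authorization code and client secret wherever the document points.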
Can you confirm that everything works correctly when you make this change?
We’ll likely want to update our documentation to mention that you can set your issuer to https://org.okta.com/oauth2 to use the Org Authorization Server, but it might also be worth us looking into allowing you to set just the Okta domain as the issuer, which is supported for most of our other SDKs.
So I tested the /oauth2 url again, and it allows me to access the login page but afterwards for the token endpoint it again misses /oauth2 so that workflow ends up failing.
Additionally, if I set the issuer to https://{org}.okta.com/oauth2 I get the following stack on startup: Caused by: java.lang.IllegalArgumentException: Unable to resolve Configuration with the provided Issuer of "https://{org}.okta.com/oauth2"
Which version of the starter are you using? It looks like we pushed an update in v2.0.0 as part of Opaque token support (where tokens are validated remotely by making a request to Okta, instead of locally, by parsing the token and checking the signature and claim values).