Open id configuration

Is there a way our service can start without connecting to https://dev-xxxxxx.okta.com/.well-known/openid-configuration. Our server will be running without internet access inside our network. If we enable internet to the server and start the server and then we can turn off the internet and it works fine.

Hello,
Can you detail more about what your service is? Is it a resource server with protected APIs, that clients call?

If so, in theory there might be a few hacks you could do that would require modifying the servers resolvers to resolve your Org to an internal source that could host the contents of the .well-known endpoints, /keys endpoints etc. These copies would need to mirror the content of the actual resources hosted on the Org server, and stay in sync when the keys rotate. However this is something you would need to setup or perhaps have consultation for.

If this is not a resource server but a web app that is part of the auth flow, then it must have internet access.

Hi, I am currently using these properties in springboot application which are downloaded using the internet. Our web application uses OKTA for authentication and server has no internet access.

spring.security.oauth2.client.registration.okta.client-id=xxxxxxxxxx

spring.security.oauth2.client.registration.okta.client-secret=xxxxxxxxxxxxxxxxxxxxxxxxxxx

spring.security.oauth2.client.registration.okta.client-name=Access

spring.security.oauth2.client.registration.okta.provider=okta

spring.security.oauth2.client.provider.okta.issuer-uri=https://dev-xxxxxxx.okta.com

spring.security.oauth2.client.registration.okta.scope=openid,profile,email,address,phone

spring.security.oauth2.client.registration.okta.client-authentication-method=basic

spring.security.oauth2.client.registration.okta.authorization-grant-type=authorization_code

spring.security.oauth2.client.registration.okta.redirect-uri=https://dev-xxxxxxx.okta.com/oauth2/code/okta

spring.security.oauth2.client.provider.okta.authorization-uri=https://dev-xxxxxxx.okta.com/oauth2/v1/authorize

spring.security.oauth2.client.provider.okta.token-uri=https://dev-xxxxxxx.okta.com/oauth2/v1/token

spring.security.oauth2.client.provider.okta.user-info-uri=https://dev-xxxxxxx.okta.com/oauth2/v1/userinfo

spring.security.oauth2.client.provider.okta.jwk-set-uri=https://dev-xxxxxxx.okta.com/oauth2/v1/keys

spring.security.oauth2.client.provider.okta.userNameAttribute=email

@venumath If you turn off your Internet and try to open this URL https://dev-xxxxxx.okta.com/.well-known/openid-configuration on your local machine, what error/warning do you receive?

Caused by: org.springframework.web.client.ResourceAccessException: I/O error on GET request for “https://dev-removed.okta.com/.well-known/openid-configuration”: dev-removed.okta.com; nested exception is java.net.UnknownHostException: dev-removed.okta.com
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:740) ~[spring-web-5.1.19.RELEASE.jar:5.1.19.RELEASE]
at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:666) ~[spring-web-5.1.19.RELEASE.jar:5.1.19.RELEASE]
at org.springframework.web.client.RestTemplate.getForObject(RestTemplate.java:307) ~[spring-web-5.1.19.RELEASE.jar:5.1.19.RELEASE]
at org.springframework.security.oauth2.client.registration.ClientRegistrations.getOpenidConfiguration(ClientRegistrations.java:106) ~[spring-security-oauth2-client-5.1.13.RELEASE.jar:5.1.13.RELEASE]
… 167 common frames omitted
Caused by: java.net.UnknownHostException: dev-removed.okta.com

@venumath I do not think that is doable or if pre-saving metadata to local machine can help. You can post the issue on Okta spring boot SDK to double check.