OpenID Connect Logout Options with Spring Boot

Ahh, I think I see what you are asking.

The SecurityContextLogoutHandler is only going to clear your local session (e.g. call session.invalidate()).

You will then need to redirect to Okta with a correctly formatted URL: OpenID Connect & OAuth 2.0 API | Okta Developer

Take a look at the Spring implementation:

If you are building something custom, you typically wouldn’t be able to construct this URL on the client, as it wouldn’t have the ID token.

To debug this issue, you can watch the network log in your browser and see what the request looks like, and what the response was.

Taking a step back, do you have a JS client that is calling /customLogout ? Are you handling auth from your front end or backend?

Not sure if anyone asked this question. How to invoke logout from React (fetch or any get or post) and make use of .logout().logoutSuccessfulUrl(…)?

The following post uses Spring Boot and React to logout. Please let me know if it helps.

Sure. I will try.
But I am using google auth. (oauth2). Not sure okta is free or not.

  1. updated my application.properties for google client id etc
  2. added 1 dependency
  3. security config

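import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
                // CSRF protection is turned off for every request
                .csrf()
                .disable()
                // every request requires an authenticated user
                .authorizeHttpRequests()
                .anyRequest()
                .authenticated()
                .and()
                // logout is triggered by a request to /sign-in instead of the default /logout
                .logout()
                .logoutUrl("/sign-in")
                .and()
                .oauth2Login()
        ;
        return http.build();
    }

}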

  4. React has logout button and associated fetch, but I don’t have a spring boot end point for logout

Can I use the suggested solution (Use React and Spring Boot to Build a Simple CRUD App | Okta Developer)?

Okta, and Auth0, is free for up to 7,000 monthly users. Are you doing authentication in your React client or packaging your React and Spring Boot apps together? This post shows how to do the latter. For the former, you might look at our Okta Spring Boot Sample, which has a logout feature. See its SecurityConfiguration.java for how logout is configured.

I am - packaging your React and Spring Boot apps together. As I added dependencies to spring + google auth config, the google auth page is displayed.

(I used Auth0 before Okta bought it. I struggled with websockets security.) I will deploy app inside a GCE, using Okta account as in the example, will it work?

If you can get it working locally, it should be easy to deploy it anywhere. After all, it’s just a JAR or a Docker container. I wrote a blog post on deploying an Angular + Spring Boot app to many different platforms a few years ago. Maybe it will help?

Sorry for coming again

I cloned and updated application.properties with the 3 okta properties, and executed ./mvnw spring-boot:run -Pprod

Error starting ApplicationContext. To display the condition evaluation report re-run your application with ‘debug’ enabled.
2023-09-16T20:48:42.391+01:00 ERROR 10492 — [ main] o.s.b.d.LoggingFailureAnalysisReporter :


APPLICATION FAILED TO START


Description:

Parameter 0 of constructor in com.okta.developer.jugtours.web.UserController required a bean of type ‘org.springframework.security.oauth2.client.registration.ClientRegistrationRepository’ that could not be found.

Action:

Consider defining a bean of type ‘org.springframework.security.oauth2.client.registration.ClientRegistrationRepository’ in your configuration.

Correction:

Changed from ISSUER to okta.oauth2.issuer in application properties file
CLIENT_SECRET to okta.oauth2.client-secret

and it works

I’m glad to hear you got it working, @Kris!

Thanks @mraible
the application started, and getting the okta page. But I’m looking for a user perspective, what work is required for a user to successfully login? (strange) Even I am not able to login

I did try forgot password. I observed that it takes 1 hour or so for the email

For a user to log in successfully, they’ll need an account, or you’ll need to enable sign-up for new users. This documentation might help: Create User | Okta

Thank you
I clicked on the link and I see API.

It looks complicated. I did use Okta CLI to create configuration, not sure what that is for? Now I revisited browser tabs and landed on https://manage.auth0.com/dashboard, and used my gmail to register?
I do see a string dev-isyav1xyzabcd allocated in US.
Unsure what I am doing

Can I get steps on okta process only? i.e. create config using CLI , then ?

Hi Kris,

Okta has two products: Workforce Identity Cloud and Customer Identity Cloud, which is powered by Auth0. The Okta CLI only works with the Workforce Identity Cloud. If you’re using Auth0 (which manage.auth0.com seems to indicate you are), you should be using the Auth0 CLI.

I have not tried to make this example work with Auth0, but @deepu105’s blog post on Get started with Spring Boot and Auth0 does have a logout example.

Hi @mraible
I did open an okta account - https://dev-a1###76-admin.okta.com/admin/getting-started
what configuration needs to be set up on okta site? I would like to spin the app code and login

Everything should work if you follow the instructions in the blog post.

RP-Initiated Logout, or relying party-initiated logout, simplifies session termination in OAuth 2.0/OIDC. Your application triggers this logout with the identity provider (IdP), effectively ending sessions for all single sign-on (SSO) configured apps. Instead of redirecting to your app, it redirects to the IdP for logout actions, then returns to your app using a post-logout redirect URI like: https://dev-123456.okta.com/oauth2/default/v1/logout?id_token_hint=&post_logout_redirect_uri=http://localhost:8080/. Learn more
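The RP-initiated logout flow discussed in this thread, as an added example that is not part of any post above or of the Okta samples: a Spring Security filter chain that clears the local session and then redirects to the IdP's end-session endpoint with `id_token_hint`, so the ID token never has to reach the browser code. The class and bean names are hypothetical, the Spring Security 6 lambda DSL is assumed, and `{baseUrl}/` is an assumed post-logout target that must also be registered as a sign-out redirect URI at the IdP.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.oauth2.client.oidc.web.logout.OidcClientInitiatedLogoutSuccessHandler;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class OidcLogoutConfig { // hypothetical class name

    // ClientRegistrationRepository is only available as a bean when the OAuth 2.0
    // client properties (issuer, client id, client secret) are actually set;
    // without them the context fails to start with the error shown in the thread.
    @Bean
    SecurityFilterChain oidcLogoutChain(HttpSecurity http,
                                        ClientRegistrationRepository clients) throws Exception {
        // Builds <end_session_endpoint>?id_token_hint=...&post_logout_redirect_uri=...
        // from the provider metadata and the ID token held in the server-side
        // authentication. If the provider metadata has no end_session_endpoint,
        // the handler falls back to a plain local redirect.
        OidcClientInitiatedLogoutSuccessHandler oidcLogout =
                new OidcClientInitiatedLogoutSuccessHandler(clients);
        oidcLogout.setPostLogoutRedirectUri("{baseUrl}/"); // assumed landing page

        http
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .oauth2Login(Customizer.withDefaults())
            // CSRF protection stays on (the default), so logout is a POST to
            // /logout that must carry the CSRF token. The logout filter first
            // invalidates the local session, then runs this success handler.
            .logout(logout -> logout.logoutSuccessHandler(oidcLogout));
        return http.build();
    }
}
```

The response to the logout POST is a redirect to another origin, so a browser client should perform it as a top-level form submission or navigation rather than expect a `fetch` call to complete the IdP sign-out.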