Pertaining to the following guide:
Options selected:
- client: Okta Sign-In Widget
- server: Generic Java
Hello,
I completed the items on the above-referenced page up to the sentence “Once this is working you can move on to the next section, where we will make use of the access token to make an authenticated request against your server.”
In doing so, I had a web page that displayed an Okta authentication prompt, allowing one to submit the credentials for a user assigned to the adjacent application in Okta. Upon successfully authenticating, I see something similar to “Hello, user@domain.com” in the developer console. So far, so good.
Now that the mechanism for client authentication was set up, I wanted to replace the setup of my existing Tomcat-based auth, which involved a servlet filter. It seems that the example allowed me to verify that a user had successfully logged in via the client JavaScript console, but how can this successful authentication be identified on the server?
I attempted to complete the guide after the section titled “Use the Access Token to Authenticate Requests”, but the example servlet filter that was set up always had a NULL Authorization header. How do I remedy this?
In closing, once a user has authenticated, I am hoping that this fact can be stored in memory in the user’s session on the server (after which I planned on updating my existing servlet auth filter to validate this fact). Please advise how to reflect the successful auth on the server in my basic servlet webapp (non-Spring), and thanks.
Code for login.jsp, which is visited before and after authentication, is as follows:
<%@page import="com.okta.jwt.JwtVerifier,com.okta.jwt.JoseException,com.okta.jwt.JwtHelper,com.okta.jwt.Jwt"%><%
    // In a JSP the implicit `request` object is already an HttpServletRequest, so no cast is needed.
    // A plain browser navigation to this page never carries an Authorization header; the header is
    // only present when client-side script attaches it to an XHR/fetch request, so on a direct
    // visit this value is null.
    String authHeader = request.getHeader("Authorization");
    if (authHeader != null && authHeader.startsWith("Bearer ")) {
        JwtVerifier jwtVerifier = new JwtHelper()
                .setIssuerUrl("MY_BASE_URL/oauth2/default")
                .setClientId("MY_CLIENT_ID")
                .build();
        String jwtString = authHeader.substring("Bearer ".length());
        // Do not echo the raw token into the page; it is a bearer credential.
        try {
            // decodeAccessToken checks signature, issuer, audience and expiry; it throws on failure.
            Jwt jwt = jwtVerifier.decodeAccessToken(jwtString);
            // The "sub" claim identifies the signed-in user.
            Object subject = jwt.getClaims().get("sub");
            out.println("Verified access token for: " + subject);
        } catch (JoseException e) {
            out.println("Invalid access token: " + e.getMessage());
        }
    } else {
        out.println("No bearer token on this request");
    }
%>
<head>
<title></title>
<script
src="https://ok1static.oktacdn.com/assets/js/sdk/okta-signin-widget/2.6.0/js/okta-sign-in.min.js"
type="text/javascript"></script>
<link
href="https://ok1static.oktacdn.com/assets/js/sdk/okta-signin-widget/2.6.0/css/okta-sign-in.min.css"
type="text/css"
rel="stylesheet"/>
<link
href="https://ok1static.oktacdn.com/assets/js/sdk/okta-signin-widget/2.6.0/css/okta-theme.css"
type="text/css"
rel="stylesheet"/>
</head>
<body>
<div id="okta-login-container"></div>
<script type="text/javascript">
    var oktaSignIn = new OktaSignIn({
        baseUrl: "MY_BASE_URL",
        clientId: "MY_CLIENT_ID",
        authParams: {
            issuer: "MY_BASE_URL/oauth2/default",
            responseType: ['token', 'id_token'],
            display: 'page'
        }
    });

    if (oktaSignIn.token.hasTokensInUrl()) {
        oktaSignIn.token.parseTokensFromUrl(
            function success(res) {
                // The tokens are returned in the order requested by `responseType` above
                var accessToken = res[0];
                var idToken = res[1];
                // Say hello to the person who just signed in:
                console.log('Hello, ' + idToken.claims.email);
                // Save the tokens for later use, e.g. if the page gets refreshed:
                oktaSignIn.tokenManager.add('accessToken', accessToken);
                oktaSignIn.tokenManager.add('idToken', idToken);
                // Remove the tokens from the window location hash
                window.location.hash = '';
            },
            function error(err) {
                // handle errors as needed
                console.error(err);
            }
        );
    } else {
        oktaSignIn.session.get(function (res) {
            // Session exists, show logged in state.
            if (res.status === 'ACTIVE') {
                console.log('Welcome back, ' + res.login);
                return;
            }
            // No session, show the login form
            oktaSignIn.renderEl(
                {el: '#okta-login-container'},
                function success(res) {
                    // Nothing to do in this case, the widget will automatically redirect
                    // the user to Okta for authentication, then back to this page if successful
                },
                function error(err) {
                    // handle errors as needed
                    console.error(err);
                }
            );
        });
    }
</script>
</body>
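The post asks how a plain (non-Spring) servlet app can recognise a completed Okta login on the server and remember it in the session. The filter below is an added example, not code from the post or from the Okta guide. It uses the same okta-jwt-verifier classes the posted login.jsp already imports; the class name OktaSessionFilter, the package, the web.xml init-param names "issuer" and "clientId", and the session attribute key are assumptions. One point it makes explicit: the Authorization header is null on a normal page load because browsers do not add it; it is only present when client-side script attaches the access token from the widget's tokenManager to an XHR/fetch request.

```java
package com.example.okta; // hypothetical package name

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.okta.jwt.JoseException;
import com.okta.jwt.Jwt;
import com.okta.jwt.JwtHelper;
import com.okta.jwt.JwtVerifier;

/**
 * Hypothetical filter: verifies an Okta access token once and records the
 * verified subject in the HttpSession, so later requests in the same session
 * pass without a bearer token. Init-params "issuer" and "clientId" are assumed.
 */
public class OktaSessionFilter implements Filter {

    /** Session attribute holding the verified "sub" claim (name assumed). */
    public static final String SESSION_SUBJECT = "okta.subject";

    private JwtVerifier verifier;

    @Override
    public void init(FilterConfig config) throws ServletException {
        try {
            // Same builder the guide's login.jsp uses; it fetches the issuer's
            // signing keys, so any failure is surfaced as a ServletException.
            verifier = new JwtHelper()
                    .setIssuerUrl(config.getInitParameter("issuer"))
                    .setClientId(config.getInitParameter("clientId"))
                    .build();
        } catch (Exception e) {
            throw new ServletException("Cannot initialise Okta JWT verifier", e);
        }
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // 1. A session that already carries a verified subject is let through.
        HttpSession existing = request.getSession(false);
        if (existing != null && existing.getAttribute(SESSION_SUBJECT) != null) {
            chain.doFilter(req, res);
            return;
        }

        // 2. Otherwise the request must carry "Authorization: Bearer <token>".
        //    A plain browser navigation never sends this header; only client
        //    script (XHR/fetch) can attach the token stored in tokenManager.
        String token = extractBearerToken(request.getHeader("Authorization"));
        if (token == null) {
            reject(response, "Bearer");
            return;
        }

        // 3. Verify signature, issuer, audience and expiry with the Okta verifier.
        String subject;
        try {
            Jwt jwt = verifier.decodeAccessToken(token);
            subject = String.valueOf(jwt.getClaims().get("sub"));
        } catch (JoseException e) {
            reject(response, "Bearer error=\"invalid_token\"");
            return;
        }

        // 4. Bind the verified identity to a fresh session id so that a session
        //    id handed out before login cannot be reused (session fixation).
        if (existing != null) {
            existing.invalidate();
        }
        request.getSession(true).setAttribute(SESSION_SUBJECT, subject);
        chain.doFilter(req, res);
    }

    /** Returns the token from a "Bearer <token>" header value, or null if absent/malformed. */
    static String extractBearerToken(String header) {
        if (header == null || !header.regionMatches(true, 0, "Bearer ", 0, 7)) {
            return null;
        }
        String token = header.substring(7).trim();
        return token.isEmpty() ? null : token;
    }

    private static void reject(HttpServletResponse response, String challenge) throws IOException {
        response.setHeader("WWW-Authenticate", challenge);
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
    }

    @Override
    public void destroy() {
        // nothing to release
    }
}
```

Map the filter in web.xml to the paths that need protection and supply the two init-params. The client side must make at least one request that carries the header, for example a fetch to a filtered URL with `Authorization: Bearer <accessToken>` taken from the widget's tokenManager right after sign-in; from then on the JSESSIONID cookie identifies the user. Two caveats follow from that switch: once a cookie alone grants access, state-changing requests need CSRF protection, and the session cookie should be marked HttpOnly and Secure.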