I’m a newbie with Okta and security and feel a little lost with these configurations.
What would be the best way to use Okta (and which kind of Okta application, protocol (Java SDK, REST, other) and security protocol (OpenID, SAML)) should I use?
I’m on a legacy system using frameworks that already have their own security mechanism, and I just want to do only the authentication part with Okta. I keep managing authorization and authorities in my backend (maintaining the userId and role mapping).
- Front end is in React
- Back end is in Java using Spring Security (no Spring Boot) under Tomcat
- Communication between front and back already uses a JWT token system
My first idea was to implement my own Spring Security classes:
- AuthenticationProvider (to call Okta authenticate)
- and UserDetailsService to get my user from Okta (but managing authorities on my side)
I first used the Java SDK okta-sdk (0.0.4) with the AuthApiClient.authenticate method, but it disappeared in version 0.7.0.
It seems that I could also use REST with https://xxxxxxxx/api/v1/authn; this could do the authentication part, and I would use another REST call to load the user.
If anyone can enlighten me, is this the right way?
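As an added illustration (not the poster's code and not part of any Okta SDK), this is what the custom AuthenticationProvider described in the post could look like when it delegates credential verification to the REST endpoint `/api/v1/authn` and keeps role assignment in the backend's own store. It assumes Java 11+ (`java.net.http`), Jackson on the classpath (usual in Spring applications), a hypothetical `LocalRoleRepository` standing in for the existing userId-to-role mapping, and that the authn response carries the user id at `_embedded.user.id`; the Okta domain is a placeholder.

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

import java.io.IOException;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.time.Duration;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;

/** Verifies the password against Okta's /api/v1/authn; authorities stay local. Added example. */
public class OktaAuthnProvider implements AuthenticationProvider {

    /** Hypothetical interface for the backend's existing userId -> roles mapping. */
    public interface LocalRoleRepository {
        List<String> rolesFor(String oktaUserId);
    }

    private final URI authnEndpoint;         // https://{yourOktaDomain}/api/v1/authn (placeholder domain)
    private final LocalRoleRepository roles;
    private final HttpClient http = HttpClient.newBuilder().connectTimeout(Duration.ofSeconds(5)).build();
    private final ObjectMapper json = new ObjectMapper();

    public OktaAuthnProvider(String oktaBaseUrl, LocalRoleRepository roles) {
        this.authnEndpoint = URI.create(oktaBaseUrl + "/api/v1/authn");
        this.roles = roles;
    }

    @Override
    public Authentication authenticate(Authentication auth) throws AuthenticationException {
        String body;
        try {
            body = json.writeValueAsString(
                    Map.of("username", auth.getName(), "password", String.valueOf(auth.getCredentials())));
        } catch (IOException e) {
            throw new AuthenticationServiceException("Could not build Okta request", e);
        }

        HttpRequest request = HttpRequest.newBuilder(authnEndpoint)
                .timeout(Duration.ofSeconds(10))
                .header("Accept", "application/json")
                .header("Content-Type", "application/json")
                .POST(HttpRequest.BodyPublishers.ofString(body))
                .build();

        HttpResponse<String> response;
        try {
            response = http.send(request, HttpResponse.BodyHandlers.ofString());
        } catch (IOException | InterruptedException e) {
            if (e instanceof InterruptedException) Thread.currentThread().interrupt();
            // Okta being unreachable is a service failure, not a wrong password; keep the two distinct.
            throw new AuthenticationServiceException("Okta authentication service unavailable", e);
        }

        // Okta answers 401 for a wrong username/password; any other non-200 is a service problem.
        if (response.statusCode() == 401) throw new BadCredentialsException("Bad credentials");
        if (response.statusCode() != 200)
            throw new AuthenticationServiceException("Unexpected Okta status " + response.statusCode());

        JsonNode root;
        try {
            root = json.readTree(response.body());
        } catch (IOException e) {
            throw new AuthenticationServiceException("Unparseable Okta response", e);
        }

        // Only the SUCCESS transaction state is a completed login. Any other state (MFA pending,
        // password expired, locked out, ...) must be rejected here, not treated as authenticated.
        if (!"SUCCESS".equals(root.path("status").asText())) {
            throw new BadCredentialsException("Authentication not completed");
        }

        // Assumed response shape: user id under _embedded.user.id (verify against the Okta docs).
        String oktaUserId = root.path("_embedded").path("user").path("id").asText();
        if (oktaUserId.isEmpty()) throw new AuthenticationServiceException("Okta response has no user id");

        // Roles come from the backend's own mapping, never from the Okta response.
        List<GrantedAuthority> authorities = roles.rolesFor(oktaUserId).stream()
                .map(SimpleGrantedAuthority::new)
                .collect(Collectors.toList());

        // Credentials set to null so the password does not travel further through the app.
        return new UsernamePasswordAuthenticationToken(oktaUserId, null, authorities);
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
    }
}
```

Register the provider with the existing AuthenticationManager (the XML or Java config the legacy application already uses) and let the current JWT filter keep issuing the front-end token from the returned Authentication. One design point worth weighing before committing: with this approach the backend receives and forwards the user's Okta password, whereas with OpenID Connect (one of the protocols the post asks about) the React front end obtains a token from Okta directly and the backend only validates that token, never seeing the password, while still mapping roles locally exactly as above.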