Recommendation using Okta in java backend

Hi,

I’m newbie with Okta and security and feel a little lost with those configurations.

What would be the best way to use Okta (and which kind of Okta application, protocol (java SDK, REST, other), security protocol (OpenId, SAML)) should i use ?

I’m on a legacy system using frameworks that allready have its security mechanism and i just want to make only authentication part with okta. I keep managing authorization and Authority in my backend (maintain userId and role mapping)

• FrontEnd is in React
• BackEnd is in Java using Spring security (and no spring boot) under Tomcat
• Communication between front and back allready use JWT token system

My first idea was to implement my own Spring security class :

• AuthenticationProvider (to call okta authenticate)
• and UserDetailsService to get my user from Okta (but managing Authority on my side)

I first used java SDK okta-sdk (0.0.4) with AuthApiClient.authenticate method but it disappears in 0.7.0 version.

Seems that i could also use REST with https://xxxxxxxx/api/v1/authn this could make authenticate part and should use another REST call to process user load.

If anyone can enlighten me, is this the right way ?

I would use OpenID Connect, it is just easier than writing your own authentication provider:

https://developer.okta.com/quickstart/#/react/java/spring

Also, you are correct that the Authentication API is not in the Java SDK anymore, we needed to do a little under the cover work with the SDK, and the Authentication API is a client-side concern and we removed it from the Java SDK. We may evaluate if it is necessary for server-side management SDKs in the future, but that is the decision for now.

Let me know if you have any other questions!

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.