Recommendation using Okta in java backend


I’m newbie with Okta and security and feel a little lost with those configurations.

What would be the best way to use Okta (and which kind of Okta application, protocol (java SDK, REST, other), security protocol (OpenId, SAML)) should i use ?

I’m on a legacy system using frameworks that allready have its security mechanism and i just want to make only authentication part with okta. I keep managing authorization and Authority in my backend (maintain userId and role mapping)

  • FrontEnd is in React
  • BackEnd is in Java using Spring security (and no spring boot) under Tomcat
  • Communication between front and back allready use JWT token system

My first idea was to implement my own Spring security class :

  • AuthenticationProvider (to call okta authenticate)
  • and UserDetailsService to get my user from Okta (but managing Authority on my side)

I first used java SDK okta-sdk (0.0.4) with AuthApiClient.authenticate method but it disappears in 0.7.0 version.

Seems that i could also use REST with https://xxxxxxxx/api/v1/authn this could make authenticate part and should use another REST call to process user load.

If anyone can enlighten me, is this the right way ?

I would use OpenID Connect, it is just easier than writing your own authentication provider:

Also, you are correct that the Authentication API is not in the Java SDK anymore, we needed to do a little under the cover work with the SDK, and the Authentication API is a client-side concern and we removed it from the Java SDK. We may evaluate if it is necessary for server-side management SDKs in the future, but that is the decision for now.

Let me know if you have any other questions!

1 Like