Secure Your Java App with OAuth 2.0 in 5 Minutes

Learn how to create a Java application with Spring and secure it with OAuth 2.0 in 5 minutes.

M Khan

The Thymeleaf template has an incorrect line for lastAccess; this one works:

<li th:if="${lastAccess}" th:text="'Last access: ' + ${lastAccess}"></li>

M Khan

It's very well written and simple to implement. Thanks

Matt Raible

Thanks for letting us know. This has been fixed.

Christopher Parsons

After following the instructions and getting to the part where Spring Security is set up, I can’t log in. I’ve double-checked the code and I’m positive I’m using john.doe and secret, but it still says I have bad credentials. Any ideas why this wouldn’t work?

J S

Hi, I do not see Client ID and CLIENT_SECRET anywhere in the General tab of my application.
Can you please provide the exact field names? I spent so much time and found nothing matching Client ID and CLIENT_SECRET.
Please provide me at least an example which I can compare with my page and try to figure out…
I cannot even attach a screenshot here (no option to attach) and hence am unable to tell what I am seeing. Regarding Client ID, I see only one ID field called SAML Issuer ID. Not sure.
There is no Client Credentials area as such. I do not see it in the General tab. I clicked on the other tabs and could not see it.

Thanks

Matt Raible

Did you follow the steps in the Create an Okta Account section? If you did, you should see the Client ID and Client Secret on the screen after you click the Done button.

J S

When I created the account, there is nothing much it did. It sent me a verification email and I clicked on the Verify account button in the email and entered the security question and password. That’s it. It provided me the Dashboard page. It did not display client id and client_secret… Are you asking whether I followed the add application process? If so, while adding the application, it has a sign-on method with two radio buttons:
1. SAML2.0
2. Open Id connect.

This is not explained in the blog. Not sure which option to select. I believe 2nd option.

Matt Raible

You have to create an account AND an OIDC application. From your Okta Dashboard, click on Applications > Add Application > Web. That’s what the instructions in this tutorial say to do.

Matt Raible

When you activated your account, it should’ve prompted you for a security question. You can use that to reset your password. There should be a link at the bottom of the login form to do this. If that fails, you can create a new developer account with the same email address. Make sure to activate it from the email that’ll be sent to you.

J S

Thanks a lot. Appreciate your patience. Accidentally I was in Classic UI and hence could not find your options. I am able to obtain Client ID and Client Secret. Will proceed now.

Thank you very much

J S

Hi Matt, I am able to authenticate through an Okta account (OAuth 2.0). How do we make our application accessible to all the users in our org? What is the approach we need to follow? I mean, currently we have one account. Where do we create accounts for 100s of users in our org? Please help me to understand the logic.
Thank you for your great input.

Matt Raible

If you have all your users imported in your org, you just need to give them the URL to your app. If you want the app to show up in your Okta dashboard, I’m not sure. You might send an email to developer@okta.com and ask them.

J S

Thank you so much. Very helpful.

Sascha Jung

Hi, I hope I didn’t do anything wrong. After following the tutorial (thanks so far, it seems to be the only understandable and straightforward one on OAuth) it still opens the Spring Security login console… I created the okta.env file and entered the data including the URL, but it doesn’t seem to work… Does somebody have a clue? Thanks in advance!

Matt Raible

Did you run “source okta.env” before starting your app with “mvn spring-boot:run”?

Sascha Jung

Yes I did, but I couldn’t start the app with mvn spring-boot:run, so I started the main method. Weird thing is, I also cloned your git repo and tried that - same thing…so I think it’s some little thing I am missing :smiley:

Matt Raible

Running the source command sets the environment variables. If you start the app from your IDE, you’ll need to set them in your IDE. If you follow the instructions as provided, it should work.

Sascha Jung

At least the goal is able to run now, the build fails anyway, but it is currently not that important, because we worked around the need of oauth. Thank you anyway for your time! As soon as I find a solution to my problem I will post it here.

naresh

Hi,

Can you please provide a core Java application example with Okta authentication?