Hello @bdemers,
Thanks for the response. I will try to make myself as clear as possible and describe all of the system and all of the problems I'm facing.
Technologies:
Spring Boot 2.3.9.RELEASE as a back-end server (that also serves resources and redirections) using
compile("com.okta.spring:okta-spring-boot-starter:1.4.0")
Angular 9 as front end consuming "@okta/okta-angular": "^3.1.0",
I tried to follow this guide (Build a CRUD App with Angular 9 and Spring Boot 2.2), but on the Angular side we are always getting false for "this.oktaAuth.isAuthenticated()", and we added all of the IPs as trusted origins and redirect URLs in the Okta application page, and in the Okta security API page as well.
Also, once we connect from the link in the UI for the SPA application inside Okta's admin page, we get back a cookie and not a token. Can I make Okta return me a JWT token instead of the cookie that it sets in the browser?
Another question: if I have two applications inside Okta's admin page, a SPA app for the Angular UI and a Web app for the Spring Boot back end, how do they know that they are compatible? Via the issuer?
The flow for the regular DB login:
1- enter user/pass from the custom login page (Angular)
2- send user/pass basic auth to the back end and get a JWT token
3- webconfigurerAdapter for handling permissions and applying filters that check the JWT
4- UI saves the token and attaches it to each request from the UI to the backend
5- filter checks ROLE and JWT and allows access to the required resource
The flow that we want for Okta login:
1- press a button to SSO via Okta from the same custom login page (under the user and pass form)
2- redirect to the Okta login page or via a pop-up window (doesn't really matter for now)
3- after authenticating the user in Okta, we will redirect the user back to the application's Dashboard (preferably with a JWT in the response after authenticating the user)
4- enable all requests to the back end from the UI using the JWT, or the cookie
My current Okta web configurer adapter:
I prefer if I can get a JWT so it would be stateless as well, and I can use my other webAdapter that I'm using for the DB login.
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // all routes protected
        http
            .requestMatchers()
                .and()
            .authorizeRequests()
                // the root and login URLs are open to everyone
                .antMatchers("/", "/login**").permitAll()
                .and()
            // accept bearer JWTs on incoming requests
            .oauth2ResourceServer().jwt();
    }
Current flow of things:
We go to the UI login page, and we have the normal login form, which is not working any more because the Oauth2AuthorizationFilter is somehow always activated by the Okta settings in application.yml,
and we have 2 buttons for SSO (need one, but need to make it work):
1- one is for the Okta login from the Spring side. When authenticating I get back a cookie saved in JSESSIONID, and when I do a request to the back-end REST controllers using the same browser, I can get responses, but I can't reach any of the UI pages with it.
Example: I can reach host:port/api/users
but I can't reach host:port/dashboard.
2- one from the Angular side (as shown in the guide). It redirects me to the Okta login page, I do log in using the Okta account, but then if I check this.oktaAuth.isAuthenticated() I always get false for some reason. It would really be great if I can get a JWT response from Okta's side when I log in, if possible, and then I can use this JWT to communicate with the backend and also get the UI resources.
After logging in and checking the oktaAuth object from the Angular side I have the following:
Even if I use
.and()
.oauth2ResourceServer().jwt();
instead of oauth2login(), I'm still somehow getting redirected to the Okta webapp login page.
This is exactly what I need, but preferably using a JWT that I can get to my front end and use to communicate with the backend.
An example of the form I would like to have:
I really appreciate all of your help
Thanks a lot
Majd
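
One way to express the stateless JWT flow asked for above as a Spring Security 5.3 resource-server configuration. This is an added example, not the poster's code or Okta's. The class name, the static-file patterns and the "groups" claim are assumptions; `/api/**` and `/dashboard` follow the URLs mentioned in the post, and the issuer is assumed to be set in application.yml.

```java
// Added example: names, paths and the "groups" claim are assumptions.
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;

@Configuration
public class StatelessJwtSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // No HTTP session, so no JSESSIONID: each API call carries its own token.
            .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
            .authorizeRequests()
                // The Angular shell and its static files are public (assumed layout);
                // the data behind them is only reachable through /api/**.
                .antMatchers("/", "/login**", "/dashboard",
                             "/*.js", "/*.css", "/assets/**").permitAll()
                .antMatchers("/api/**").authenticated()
                // Anything not listed above is refused rather than left open.
                .anyRequest().denyAll()
                .and()
            // Checks "Authorization: Bearer <JWT>": signature, expiry and issuer.
            .oauth2ResourceServer()
                .jwt()
                .jwtAuthenticationConverter(groupsToRoles());
    }

    // Maps an assumed "groups" claim to ROLE_* authorities so that
    // hasRole(...) rules can be applied to token-authenticated requests.
    private JwtAuthenticationConverter groupsToRoles() {
        JwtGrantedAuthoritiesConverter authorities = new JwtGrantedAuthoritiesConverter();
        authorities.setAuthoritiesClaimName("groups");
        authorities.setAuthorityPrefix("ROLE_");
        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        converter.setJwtGrantedAuthoritiesConverter(authorities);
        return converter;
    }
}
```

With this in place the Angular side would attach its access token as an `Authorization: Bearer` header on every `/api` request; a request without a valid token gets a 401 instead of a redirect to a login page.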