Spring Boot 2.1: Outstanding OIDC, OAuth 2.0, and Reactive API Support


In this guide, you’ll learn about new features in Spring Boot 2.1. You’ll also learn about Spring Security, its excellent OIDC / OAuth 2.0 support, and how to develop a reactive API with WebFlux.

Shikhar

Why did you choose http://localhost:8080/login/oauth2/code/okta as your redirect URI? What purpose does this redirect URI serve?

Matt Raible

Because this is the URI that Spring Security creates based on the configuration. See Spring Security’s docs for more information.

Shikhar

Matt, thanks for the reply. What’s confusing me here is that there is another blog post

https://developer.okta.com/…
that doesn’t mention this redirect URI.
Which setting should I then follow when I am setting up my Okta app?
Your blog post and the one that I mentioned both work with Spring Boot security and use OAuth.
Please help me clarify this confusion.
Regards

Matt Raible

There are two different types of Spring Security configuration happening here. In this post, I’m using Spring Security 5.1 and a snapshot version of Okta’s Spring Boot starter (1.0.0-SNAPSHOT). This snapshot version has been updated to support Spring Security 5.1. The other article you mention is using Okta’s Spring Boot starter v0.6.0. For v0.6.0, http://localhost:8080/login is the correct redirect URI.

Ela Fader

You have too many of those tutorials in too many variants :confused:

Anyway, I have some questions:
1. Do you have a tutorial for the newest Spring that shows how to use Thymeleaf (and preferably Maven and a .properties file)?
2. How do you set some registration options? This tutorial only points to the login page. Also, it would be nice to be able to use some social providers.
3. My Principal object name is something like 00uj1kjh34I6ixeA. That’s not my name. How do I easily access user details?
4. How do you log out?

Ela Fader

Turns out, instead of trying to combine knowledge from a multitude of blog posts (which scratch different topics), I should have looked into the examples on GitHub. They answer most of my questions. I only have a few left:
1. How do I approach registration? And how do I use social login?
2. What are okta.oauth2.scopes? What do values openid, email and profile mean?

Matt Raible

Hello Ela:

1. You can enable self-registration as part of your Okta org. This tutorial shows you how. For social login, see Add Social Login to Your Spring Boot 2.0 App.
2. Scopes are permissions. See Identity, Claims, & Tokens – An OpenID Connect Primer, Part 1 of 3 for more information on scopes.

Ela Fader

Thanks.

Regarding registration, it turns out that if you log in with a social provider (at least Google’s), the user is automatically created at Okra. I am not sure if that’s a bug or a feature (the Add Social Login to Your Spring Boot 2.0 App tutorial suggests it might be a bug (by the way, I’ve added a comment there as well)).

Regarding registration via Octa, the fact that the option is hidden in some old UI doesn’t fill me with confidence that this feature is (and is going to be) supported. Also, the tutorial is not precise about what the registration process looks like. Like, is it something done via the sign-in widget? The widget documentation does not mention this use case.

By the way, I have one more question. Usually applications with users allow them to edit their profile. For example, I can imagine a user of my application could change his name. Is there some Spring Boot tutorial for that? Like showing how an application can connect to Octa and change user attributes?

Ela Fader

I got some new problems. I deploy my Spring Boot app so it is “accessible” via http. But in fact it is not visible to the outside world; access to it is being proxied by nginx (which gives https). So the user accesses the application via https, but Spring Boot “thinks” it’s run on port 8080 via http. How do I let an application know it should prepare the requests and redirects for https?
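
The redirect URI discussed earlier in this thread and the reverse-proxy situation described just above both come down to how the application derives its own base URL. The following is an added example, not code from the blog post or from Spring Security: a Python model that assumes the IdP compares redirect URIs by exact string match; `app.example.com`, the function names and the sample registrations are made up for illustration.

```python
# Added illustration, not Spring Security source: models how the redirect URI
# is derived from the request and compared with the URIs registered at the IdP.
DEFAULT_PORTS = {"http": 80, "https": 443}
# Pattern matching the URI discussed above for the registration id "okta".
REDIRECT_PATH = "/login/oauth2/code/{registration_id}"


def base_url(scheme, host, port, headers=None, trust_forwarded=False):
    """Return scheme://host[:port] as the application sees the request.

    trust_forwarded=True lets X-Forwarded-* headers from the reverse proxy
    replace the values of the plain proxy-to-app connection.
    """
    headers = {k.lower(): v for k, v in (headers or {}).items()}
    if trust_forwarded and "x-forwarded-proto" in headers:
        scheme = headers["x-forwarded-proto"]
        host = headers.get("x-forwarded-host", host)
        port = int(headers.get("x-forwarded-port", DEFAULT_PORTS.get(scheme, port)))
    suffix = "" if DEFAULT_PORTS.get(scheme) == port else f":{port}"
    return f"{scheme}://{host}{suffix}"


def redirect_uri(base, registration_id="okta"):
    """Build the redirect URI sent in the authorization request."""
    return base + REDIRECT_PATH.format(registration_id=registration_id)


def is_registered(uri, registered):
    """Assumption: the IdP accepts only an exact string match."""
    return uri in registered


# Constructed sample data: hostnames and registrations are placeholders.
DEV_REGISTERED = {"http://localhost:8080/login/oauth2/code/okta"}
PROD_REGISTERED = {"https://app.example.com/login/oauth2/code/okta"}
PROXY_HEADERS = {"X-Forwarded-Proto": "https", "X-Forwarded-Host": "app.example.com"}

if __name__ == "__main__":
    dev = redirect_uri(base_url("http", "localhost", 8080))
    print(dev, is_registered(dev, DEV_REGISTERED))
    # The v0.6.0-style URI is a different string, so it does not match.
    print(is_registered("http://localhost:8080/login", DEV_REGISTERED))
    # Behind the TLS-terminating proxy, ignoring vs. honouring its headers.
    for trust in (False, True):
        uri = redirect_uri(base_url("http", "localhost", 8080, PROXY_HEADERS, trust))
        print(trust, uri, is_registered(uri, PROD_REGISTERED))
```

Spring Boot 2.1 exposes the choice modelled by `trust_forwarded` as the `server.use-forward-headers` property. Enable it only when the application is reachable solely through the proxy, since forwarded headers are otherwise client-controlled.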

Matt Raible

Thanks for your comments on our Social Login post, I’ve sent your questions to a friend that knows more than me. I agree that the enabling of self-registration should be moved into the developer console (instead of the classic UI). I’ll ask to get that fixed.

FWIW, we’re Okta. My dad calls it Okra too. :wink:

For a tutorial that shows how to add/edit profile attributes, see Use Okta (Instead of Local Storage) to Store Your User’s Data Securely.

Ela Fader

It seems to me your friend won’t show up.

Anyway, thanks for providing another building block snippet (for user data). Still I am missing some end-to-end example which would combine everything. Still, I guess I got information how to build everything myself.

By the way, I am having trouble understanding how “Remember me” works. For me, no matter if I tick it, I need to log in again after about an hour. How do I configure it to really remember me?

Matt Raible

The good news is Registration now exists in the developer console. See Users > Registration in your Okta dashboard.

Since your questions are a bit out-of-scope for this blog post, can you please post them to our Developer Forums? There are more eyeballs on that site and you’ll likely get answers faster. If you don’t, you can email developers@okta.com to create a support ticket.

I’m sorry for not answering directly here, but I don’t have an end-to-end example and I’m not an expert on how our remember me feature is implemented.

martinsamm

Matt, getting an error starting the service up. The URI for the issuer (https://dev-xxxxxx.oktaprev… is triggering a 404 in the InMemoryClientRegistrationRepository during startup. I’ve been through the tutorial with a fine-tooth comb and can’t see where I’m going wrong. Any ideas?

Matt Raible

Hello Martin,

I’m guessing you might be using an Okta IT Trial account instead of a developer account. We stopped using oktapreview for developer accounts several months ago. Can you try creating a new developer account at https://developer.okta.com/… and see if that helps?

martinsamm

Ah, ok, will do. Thx a lot, Matt.