Spring Boot Okta Invalid Credentials

Questions OAuth/OIDC
,
1

We are implementing authorization for our Spring Boot Web Application through the Company’s Okta Server. The idea is to allow users to sign in to the company’s Okta dashboard and then click on our application from there. However, we are not able to redirect users to our application API call. We have the following configuration on the Okta Application:

Sign In Redirect URI: https://backend-web-api.com/authorization-code/callback

Login Initiated By: Either Okta or APP

Login Flow: Redirect to app to initiate login(OIDC compliant)

Initiate Login URI: https://backend-web-api.com/user/authorize

We have the controller with the /user/authorize but the request is not getting redirected to this controller which we mentioned in the Initiate Login URI Requests

We are using the Okta spring Boot starter (2.1.7), Spring boot starter parent version 2.7.3 and following Security Config code


       http
               .csrf().disable()
               .authorizeRequests()
               .antMatchers(HttpMethod.OPTIONS).permitAll()
               .antMatchers("/resources/**", "/registration").permitAll()
               .antMatchers("/user/authorize*").authenticated()
               .and()
               .logout().logoutSuccessUrl("/").permitAll()
               .and()
               .oauth2Client()
               .and()
               .oauth2Login();

        http.oauth2Login(Customizer.withDefaults());
        http.oauth2ResourceServer(oauth2-> oauth2.jwt(Customizer.withDefaults()));

        return http.build();
    }```

Properties file for the same as below:
```okta.oauth2.issuer=https://company-url.org/oauth2/default
okta.oauth2.client-id=####
okta.oauth2.client-secret=########
okta.oauth2.redirect-uri=/authorization-code/callback

The error we are getting is Invalid Credentials and here is the attached screenshot for the same

SGYXr
SGYXr1542×280 12.9 KB

Following is the network tab when we click on our application link through Okta dashboard.

8eljR
8eljR874×434 45.9 KB

2

Well, it looks like your application is able to make the /authorize request to Okta, and that Okta is returning an authorization code back to your callback route/redirect_uri. The error you are seeing makes me think that the subsequent /token request is the one failing.

Questions:

  • What type of application did you create within Okta? For the Spring Boot Starter, Web is recommended
  • When you configured the Spring Boot starter, did you provide it the Client Secret for this same application?
1 Like
3

Thank you for the response. Yes, the company admin selected web as the application and we are providing the Okta secret through the application properties file by mentioning it like okta.oauth2.client-secret = #clientSecret

4

Can you make sure this value is getting set as the okta.oauth2.clientSecret in your config? You might have a typo if its client-secret in your code instead.

1 Like
5

We tested out by setting different values in the client secret by providing different values then it gave us a 401 error. We get an Invalid_token_response error in this case.So thinking the code might be picking the correct Client Secret from the config and something else might be causing it?

6

Restarting the server by changing it to okta.oauth2.clientSecret has worked. Thank you for helping out. I have one more question on this, to get the access token do we need to make an additional call to the /token endpoint?

1 Like
7

I believe the starter should be handling that for you, but you can take a look at our sample and example Java apps here as a reference, see if there’s anything your application may be missing.

8

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.