Spring Boot Okta Login Page Showing Invalid credentials

I have a problem about opening the login page of okta through http://localhost:9090/authenticate/login

I already get a page with showing a message which named “Invalid Crediantials”

Even if I recreate an app in app many times, I couldn’t solve the issue.

How can I fix it?

Here is the okta script of application.yml

    issuer: https://dev-54315943.okta.com/oauth2/default
    audience: api://default
    client-id: 0oa6s3zb19diYE0Fs5d7
    client-secret: Et8NxudIRKlKSTpNPoF0uPkPgNzOuzLx0UGts08G
    scopes: openid, email, profile, offline_access

Here is the controller for okta

public class AuthController {

    public ResponseEntity<AuthenticationResponse> login(
            @AuthenticationPrincipal OidcUser oidcUser,
            Model model,
            OAuth2AuthorizedClient client
    ) {

        log.info("AuthController | login is called");
        log.info("AuthController | login | client : " + client.toString());

        AuthenticationResponse authenticationResponse = null;
                    = AuthenticationResponse.builder()
        }catch (Exception e){
            log.info("AuthController | login | error : " + e.getMessage());

        return new ResponseEntity<>(authenticationResponse, HttpStatus.OK);

Here is the configuration of okta

public class OktaOAuth2WebSecurity {

    public SecurityWebFilterChain securityFilterChain(ServerHttpSecurity http) {
        return http.build();
1 Like

How does your application handle primary authentication into Okta? Redirecting to the Okta hosted login page or are you trying to get an embedded login page working?

Are you following a particular guide/sample of ours?

When I make a request to this link named localhost:9090/authenticate/login okta login page is opened.
Next , I enter email address and password which are already defined as a user in okta and its status named Active. I got a message “Invalid credentials” after clicking the login.

How can I fix it?

First you should run all services defined below in order.
1 ) Registry Server (Eureka Server)
2 ) Cloud Server
3 ) Api Gateway
4 ) Run other services

Here is the example link : Link

Here are some screenshots shown below.

@andrea I’m also having exact same issue. Any idea on how to resolve this ?

Are you seeing an API calls failing when you test your app?

@andrea No any errors when try to login

Hm. so the /authorize call is successful at least, that’s promising. Any logs on the Java side for whether or not the /token call happened and whether or not it succeeded?

I forget to set this so I am getting that error. check all field in controller

The only thing that needs to be done is that the people/group(s) you are creating within the directory need to be assigned to the application.
In case they are not assigned, the Token would get generated as shown in screen cap

but the Invalid Credentials error would still pop up.


The missing part is to also ensure that the created user(s)/Group(s) are assigned to the respective applications and then the token(s) would be propagated to the spring authentication controller and user will be able see the token and granted authorities.

Bottomline: There is no need of code change but configuration adjustment is needed to assign user(s)/group(s) to the applications as attached for an example.

Login after assignment(s)

1 Like

@sunny13nitk Thank you, sir. Your solution has successfully resolved the issue on my end.