Spring Boot Okta Login Page Showing Invalid credentials

I have a problem about opening the login page of okta through http://localhost:9090/authenticate/login

I already get a page with showing a message which named “Invalid Crediantials”

Even if I recreate an app in app many times, I couldn’t solve the issue.

How can I fix it?

Here is the okta script of application.yml

    issuer: https://dev-54315943.okta.com/oauth2/default
    audience: api://default
    client-id: 0oa6s3zb19diYE0Fs5d7
    client-secret: Et8NxudIRKlKSTpNPoF0uPkPgNzOuzLx0UGts08G
    scopes: openid, email, profile, offline_access

Here is the controller for okta

public class AuthController {

    public ResponseEntity<AuthenticationResponse> login(
            @AuthenticationPrincipal OidcUser oidcUser,
            Model model,
            OAuth2AuthorizedClient client
    ) {

        log.info("AuthController | login is called");
        log.info("AuthController | login | client : " + client.toString());

        AuthenticationResponse authenticationResponse = null;
                    = AuthenticationResponse.builder()
        }catch (Exception e){
            log.info("AuthController | login | error : " + e.getMessage());

        return new ResponseEntity<>(authenticationResponse, HttpStatus.OK);

Here is the configuration of okta

public class OktaOAuth2WebSecurity {

    public SecurityWebFilterChain securityFilterChain(ServerHttpSecurity http) {
        return http.build();

How does your application handle primary authentication into Okta? Redirecting to the Okta hosted login page or are you trying to get an embedded login page working?

Are you following a particular guide/sample of ours?

When I make a request to this link named localhost:9090/authenticate/login okta login page is opened.
Next , I enter email address and password which are already defined as a user in okta and its status named Active. I got a message “Invalid credentials” after clicking the login.

How can I fix it?

First you should run all services defined below in order.
1 ) Registry Server (Eureka Server)
2 ) Cloud Server
3 ) Api Gateway
4 ) Run other services

Here is the example link : Link

Here are some screenshots shown below.

@andrea I’m also having exact same issue. Any idea on how to resolve this ?

Are you seeing an API calls failing when you test your app?

@andrea No any errors when try to login

Hm. so the /authorize call is successful at least, that’s promising. Any logs on the Java side for whether or not the /token call happened and whether or not it succeeded?