this used thymeleaf as UI so my UI was also on the same port as my server, but in actual scenario I have angular application as my UI (client) when I tried getting access token by making a request at https://dev-519045.okta.com/oauth2/default/v1/token
I got CORS issues.
Can someone help me and give an example/blogpost where my authentication is handled by spring boot and UI will be angular having issues with okta integeration, I want minimum configurations on UI side.
any lead will be appreciated
thanks
Thanks For replying,
Yes we are building Resource Server and I am quite new to spring security, we want Okta to send access token to our Resource Server.
whenever client makes request,
Resource server should redirect the flow towards Okta ( Authorization Server) and return access Token to Resource server which after some manipulations we will send it to client and validate accordingly
You might be mixing flows a little. A resource server typically does NOT have user interaction, it would be called by some other client (like a SPA, or some other browser JS code).
If i’m understanding your intent correctly your angular application, would deal with the user’s authentication and obtaining a token (either by redirecting or using the Okta Sign-In Widget) then send that token to your Spring Resource Server.
Yes it did help but later point I start getting the CORS error again
Is it because through Okta portal CORS are enable for my client side as I set base url localhost:4200
so I even tried enabling CORS for my authorization server under
authorization server tab --> trusted Origin --> add origin
Our Spring Boot integration doesn’t do anything with CORS, as that configuration is specific to each application.
It also depends on the CORS error you are seeing (and where the communication is happening) if you have already authenticated, and your Angular app is making calls to your Spring backend, then the CORS config needed is on the Spring side.
You might also need to add OPTIONS requests to your allowed methods (IIRC)