Spring boot webserver with Private Key config

sandra2994 · August 6, 2020, 8:38am

Hi,

I have a front end spring boot webserver. I have a client configured in okta with token_endpoint_auth_method as “private_key_jwt”. How can I implement a PKCE flow with this setup? Should I use OKTA sign in widget from the client side or delegate the same flow to the server? Also does okta spring boot support private_key_jwt?

phi1ipp · August 6, 2020, 8:33pm

private_key_jwt: Use this when you want maximum security. This method is more complex and requires a server, so it can't be used with public clients.

I believe, sign-in widget can do that, but it’s only to obtain an authorization code, which you will send to your backend for it to be exchanged for the token on a back-channel

Post		Replies	Views
How to authenticate client using signed jwt with private key Questions	3	6611	March 20, 2019
Must use the private_key_jwt token_endpoint_auth_method? Questions	5	3824	May 1, 2023
Bad Request, when trying to get Access token using JWT token Questions spring , java	4	4115	February 8, 2024
Use Okta Auth Js with Web App instead of SPA Questions angular , authjs	4	2442	February 15, 2024
Okta Documentation not clear - How to get access token using Okta SDK Questions	3	4277	February 8, 2024

Spring boot webserver with Private Key config

Related topics