Spring Security OIDC OAuth2 Okta login invalid user response

I am following this example to secure an application without Spring Boot: secure-java-ee-rest-api

When I log in to http://localhost:8080/myappContext/ it takes me to the Okta login screen. I enter either one of the users in the assigned list and click “Sign in”; it signs in, then shows the following error.

Any help is appreciated.

Following is my Okta application configuration

I have an Okta developer account; the application is set up as a web application with OIDC:

  1. client authentication is “client secret”.
  2. Grant type is (“Client credentials”, “authorization code”, implicit (hybrid) → allow ID token with implicit grant type, allow access token with implicit grant type)
  3. Sign-in redirect URI is “http://localhost:8080/myappContext/login/oauth2/code/okta”
  4. Sign-out redirect URI is “http://localhost:8080/myappContext”
  5. login initiated by “App only”
  6. Federation Broker Mode is disabled.
  7. Okta api scopes granted none.
  8. user assignments user1 and user 2 (2 users)
  9. Groups: Everyone

Following is my code detail

Spring 5 security with OIDC login for Okta.
spring-framework version 5.3.x
spring security version 5.6.x

#SecurityWebApplicationInitializer.java#

public class SecurityWebApplicationInitializer
   extends AbstractSecurityWebApplicationInitializer {

   public SecurityWebApplicationInitializer() {
       super(SecurityConfiguration.class);
   }
}

#application.properties#

okta.client-id={clientId}
okta.client-secret={clientSecret}
okta.issuer-uri=https://{yourOktaDomain}/oauth2/default

#SecurityConfiguration.java#

@Configuration
@EnableWebSecurity
@PropertySource("classpath:application.properties")
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    private final String clientSecret;
    private final String clientId;
    private final String issuerUri;

    @Autowired
    public SecurityConfiguration(@Value("${okta.issuer-uri}") String issuerUri,
            @Value("${okta.client-id}") String clientId,
            @Value("${okta.client-secret}") String clientSecret) {
        this.issuerUri = issuerUri;
        this.clientId = clientId;
        this.clientSecret = clientSecret;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.ALWAYS)
                .and()
            .authorizeRequests()
                .anyRequest().authenticated()
                .and()
            .oauth2Login();
    }

    @Bean
    public OAuth2AuthorizedClientService authorizedClientService() {
        return new InMemoryOAuth2AuthorizedClientService(clientRegistrationRepository());
    }

    @Bean
    public ClientRegistrationRepository clientRegistrationRepository() {
        ClientRegistration okta = getRegistration();
        return new InMemoryClientRegistrationRepository(okta);
    }

    // Builds the "okta" registration from the issuer's OIDC discovery metadata.
    public ClientRegistration getRegistration() {
        return ClientRegistrations.fromOidcIssuerLocation(Objects.requireNonNull(issuerUri))
            .registrationId("okta")
            .clientId(clientId)
            .clientSecret(clientSecret)
            .build();
    }
}

#My controller#

public class SecureController {

    @RequestMapping("/")
    public String authenticated(Principal user) {
        return "home";
    }

    @RequestMapping("/login/oauth2/code/okta")
    public String callback(Principal user) {
        return "authenticated";
    }
}

Hey @faisalloe

Could you check your Okta org’s system logs to see what additional details are logged for this issue?
Log into Okta admin dashboard >> Reports >> System log

What is the behaviour if you run this in Postman? Okta Authentication API Authentication | Okta Developer
