Spring Security OIDC OAuth2 Okta login invalid user response

I am following this example to secure an application without Spring Boot: secure-java-ee-rest-api

When I log in to http://localhost:8080/myappContext/ it takes me to the Okta login screen. I enter either one of the users in the assigned list and click “Sign in”; it signs in, then shows the following error.

Any help is appreciated.

Following is my Okta application configuration

I have an Okta developer account; the application is set up as a web application with OIDC.

  1. Client authentication is “client secret”.
  2. Grant types are “Client credentials”, “Authorization code”, Implicit (hybrid) → allow ID token with implicit grant type, allow access token with implicit grant type.
  3. Sign-in redirect URI is "http://localhost:8080/myappContext/login/oauth2/code/okta"
  4. Sign-out redirect URI is “http://localhost:8080/myappContext”
  5. Login initiated by “App only”.
  6. Federation Broker Mode is disabled.
  7. Okta API scopes granted: none.
  8. User assignments: user1 and user 2 (2 users).
  9. Groups: Everyone

Following is my code detail

Spring 5 security with OIDC login for Okta.
spring-framework version 5.3.x
spring security version 5.6.x


```java
public class SecurityWebApplicationInitializer
        extends AbstractSecurityWebApplicationInitializer {

    public SecurityWebApplicationInitializer() {
        // constructor body not included in the post
    }
}
```




```java
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    private final String clientSecret;
    private final String clientId;
    private final String issuerUri;

    // Okta issuer, client id and client secret are injected from properties.
    public SecurityConfiguration(@Value("${okta.issuer-uri}") String issuerUri,
            @Value("${okta.client-id}") String clientId,
            @Value("${okta.client-secret}") String clientSecret) {
        this.issuerUri = issuerUri;
        this.clientId = clientId;
        this.clientSecret = clientSecret;
    }

    protected void configure(HttpSecurity http) throws Exception {
        // body not included in the post
    }

    public OAuth2AuthorizedClientService authorizedClientService() {
        return new InMemoryOAuth2AuthorizedClientService(clientRegistrationRepository());
    }

    public ClientRegistrationRepository clientRegistrationRepository() {
        ClientRegistration okta = getRegistration();
        return new InMemoryClientRegistrationRepository(okta);
    }

    public ClientRegistration getRegistration() {
        // body not included in the post
    }
}
```

#My controller#

```java
public class SecureController {

    public String authenticated(Principal user) {
        return "home";
    }

    public String callback(Principal user) {
        return "authenticated";
    }
}
```

Hey @faisalloe

Could you check your Okta org’s system logs to see what additional details are logged for this issue?
Log into Okta admin dashboard >> Reports >> System log

What is the behaviour if you run this in Postman? Okta Authentication API Authentication | Okta Developer
