Hi,
I got the Okta-hosted login page working, but now when I try to sign in with the credentials of my Okta developer account, in the Spring Boot logs I am seeing multiple redirects happening and finally a too_many_redirects error in the browser. My app.properties is as follows
This is a common issue when setting up an Okta-backed Spring Boot application. The “too many redirects” error almost always indicates a redirect loop. The typical flow for an OAuth 2.0/OIDC application with Okta is:
1. A user tries to access a protected resource in your Spring Boot application.
2. Spring Security detects that the user is not authenticated and redirects them to Okta’s login page.
3. The user signs in successfully on the Okta page.
4. Okta redirects the user’s browser back to your application at the configured redirect-uri (e.g., http://localhost:8080/login/oauth2/code/okta). This redirect includes an authorization code.
5. Your Spring Boot application receives the authorization code and makes a back-channel request to Okta to exchange the code for an access token and an ID token.
6. Your application establishes a session for the user and then redirects them to the resource they were originally trying to access.
A redirect loop occurs when step 5 fails for some reason. The application receives the authorization code but cannot successfully exchange it for tokens. Since the user is still not authenticated from the application’s perspective, the application redirects them back to Okta (step 2), where they are already logged in (due to the Okta session). Okta then redirects them back to your application (step 4), and the cycle repeats.
What you can do is the following:
Check your redirect URIs: the value in your application.properties file must exactly match the “Login redirect URIs” configured in your Okta Application Integration.
Make sure http://localhost:8080/login/oauth2/code/okta is one of the “Login redirect URIs” for your application in the Okta Admin Console. A single typo (e.g., a missing slash or a different port) will cause this issue.
The most frequent cause of the token exchange failing is an invalid issuer, client-id, or client-secret. Double-check these values for typos. Copy-pasting them directly is the best way to avoid errors.
okta.oauth2.issuer: This should be the URL of your Okta Authorization Server. For a developer account, it typically looks like https://dev-xxxxxx.okta.com/oauth2/default. The /oauth2/default part is crucial.
okta.oauth2.client-id and okta.oauth2.client-secret: These values must exactly match the ones generated for your application integration in the Okta Admin Console.
Also, you can set a debug logging level in your application properties and analyze the logs for any errors related to the token exchange.
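The three checks in the answer above (issuer, credentials, exact redirect-URI match) can be run offline before touching the running app. The following is an added example written for this thread, not code from the original post, from the Okta Spring Boot starter or from Spring Security: it parses an application.properties text, derives the redirect URI that Spring Security's OAuth2 client will send (the default template {baseUrl}/login/oauth2/code/{registrationId}, with the Okta starter's registration id "okta"), and compares it byte-for-byte with the "Login redirect URIs" list as copied from the Okta Admin Console, naming the near misses (trailing slash, wrong port, wrong scheme) that the answer warns about. The sample properties, the dev-xxxxxx hostname, the credentials and the registered-URI list are constructed placeholders, and the okta.oauth2.redirect-uri override key is an assumption noted in the code.

```python
"""Offline checks for an Okta + Spring Boot OIDC client configuration.

Added example for this thread, not code from the original post or from Okta.
It parses an application.properties text, derives the redirect URI that
Spring Security's OAuth2 client sends (default template
{baseUrl}/login/oauth2/code/{registrationId}, registration id "okta" for the
Okta starter) and compares it with the "Login redirect URIs" copied from the
Okta Admin Console, reporting the exact-match failures that make the code
exchange fail and send the browser into a redirect loop.
"""
import re
from urllib.parse import urlsplit

# Constructed sample properties; the hostname and credentials are placeholders.
SAMPLE_PROPERTIES = """
# issuer points at the org server here; the thread's advice is /oauth2/default
okta.oauth2.issuer=https://dev-xxxxxx.okta.com
okta.oauth2.client-id=0oaexampleclientid
okta.oauth2.client-secret=example-client-secret
"""

# Constructed sample of the app's Login redirect URIs (note the trailing slash).
SAMPLE_REGISTERED_URIS = ["http://localhost:8080/login/oauth2/code/okta/"]

_PROP_LINE = re.compile(r"^([^=:\s]+)\s*[=:]\s*(.*)$")


def parse_properties(text: str) -> dict[str, str]:
    """Minimal Java .properties reader: key=value or key:value, # and ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = _PROP_LINE.match(line)
        if m:
            props[m.group(1)] = m.group(2)
    return props


def expected_redirect_uri(base_url: str, registration_id: str = "okta") -> str:
    """Spring Security's default redirect-uri template, filled in for one registration."""
    return f"{base_url.rstrip('/')}/login/oauth2/code/{registration_id}"


def check_issuer(issuer: str) -> list[str]:
    """Flag issuer values that break discovery or ID-token 'iss' validation."""
    problems = []
    u = urlsplit(issuer)
    if u.scheme != "https":
        problems.append("issuer must be an https URL")
    if not u.netloc.endswith((".okta.com", ".oktapreview.com", ".okta-emea.com")):
        problems.append("issuer host is not an Okta domain (fine only with a custom domain)")
    if "/.well-known/" in u.path:
        problems.append("issuer must not include /.well-known/openid-configuration; Spring appends it")
    elif not u.path.startswith("/oauth2/"):
        problems.append("issuer has no authorization server path; developer accounts use /oauth2/default")
    if issuer.endswith("/"):
        problems.append("issuer has a trailing slash; Okta's 'iss' claim has none and Spring compares exactly")
    return problems


def compare_redirect_uris(expected: str, registered: list[str]) -> list[str]:
    """Okta requires an exact match; point out the usual near misses."""
    if expected in registered:
        return []
    problems = [f"{expected} is not in the app's Login redirect URIs"]
    e = urlsplit(expected)
    for r in registered:
        ru = urlsplit(r)
        same_path = ru.path.rstrip("/") == e.path.rstrip("/")
        if same_path and ru.path != e.path:
            problems.append(f"near miss: {r} differs only by a trailing slash")
        elif same_path and ru.hostname == e.hostname and ru.port != e.port:
            problems.append(f"near miss: {r} uses port {ru.port} instead of {e.port}")
        elif same_path and ru.netloc == e.netloc and ru.scheme != e.scheme:
            problems.append(f"near miss: {r} uses {ru.scheme} instead of {e.scheme}")
    return problems


def check_config(properties_text: str, registered_uris: list[str],
                 base_url: str = "http://localhost:8080") -> dict[str, list[str]]:
    """Run all checks; an all-empty report means the three settings are consistent."""
    props = parse_properties(properties_text)
    report = {"issuer": [], "credentials": [], "redirect": []}

    issuer = props.get("okta.oauth2.issuer")
    report["issuer"] = check_issuer(issuer) if issuer else ["okta.oauth2.issuer is missing"]

    for key in ("okta.oauth2.client-id", "okta.oauth2.client-secret"):
        value = props.get(key)
        if not value:
            report["credentials"].append(f"{key} is missing")
        elif value[0] in "\"'" or value[-1] in "\"'":
            # .properties values are unquoted; pasted quotes become part of the secret
            report["credentials"].append(f"{key} is wrapped in quotes")

    # okta.oauth2.redirect-uri is assumed here to be the starter's override key;
    # a relative value is resolved against the app's base URL
    override = props.get("okta.oauth2.redirect-uri")
    if override and override.startswith("/"):
        expected = base_url.rstrip("/") + override
    else:
        expected = override or expected_redirect_uri(base_url)
    report["redirect"] = compare_redirect_uris(expected, registered_uris)
    return report


if __name__ == "__main__":
    for section, problems in check_config(SAMPLE_PROPERTIES, SAMPLE_REGISTERED_URIS).items():
        print(section, "OK" if not problems else problems)
```

Run against the constructed sample it reports two findings: the issuer lacks the /oauth2/default path, and the registered URI differs from what Spring will send only by a trailing slash, which is exactly the kind of mismatch that makes Okta reject the request while the browser keeps bouncing between the app and the Okta session.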
Hi,
I tried all these but it still does not work. Please find the pastebin link: https://pastebin.com/LeQgcszL ... I have verified the URIs from the Okta developer account admin console and they match. Please suggest.