SSO for Angular 6 and Java Spring Boot 1.5.1 Web App

Hi Everyone,

I am building an SSO for my team. We use Angular 6 in the front end and Java Spring Boot 1.5.1 in the backend, running on a Tomcat server.

I am a bit new to building SSO.
Currently, Okta SSO integration with Angular is done. Once a user successfully logs in through Okta, he will be redirected to our web application home page.

But now the issue is Authentication. When the user is successfully redirected to the web application home page from Okta, the web application tries to access the backend API and throws a 401 Unauthorized error.

I found this sample application online that works well for Spring Boot 2.x: https://github.com/okta/samples-java-spring/tree/master/resource-server but it doesn’t apply, as our backend code uses Spring Boot 1.5.

Can someone suggest how to authenticate the Okta user with the Spring Boot 1.5 backend?

Here is a sample response error message.

  • Request URL: http://localhost:4200/abcapp/dashboard
    • Request Method: GET
    • Status Code: 401 Unauthorized
    • Remote Address: 127.0.0.1:4200
    • Referrer Policy: no-referrer-when-downgrade
  • Response Headers
    • access-control-allow-credentials: true
    • access-control-allow-headers: X-Requested-With, Content-Type, Authorization, authorization, Origin, Accept, Access-Control-Request-Method, Access-Control-Request-Headers, OTP, Reset-QR, UUID
    • access-control-allow-methods: POST, GET, PUT, OPTIONS, DELETE
    • Access-Control-Allow-Origin: *
    • access-control-max-age: 3600
    • cache-control: no-cache, no-store, max-age=0, must-revalidate, no-store

Thanks!

Hi @Developer_T,

Take a look at this demo application, which uses Spring Boot 1.5, and see if it helps - https://github.com/oktadeveloper/okta-spring-boot-oauth2-migration-example/tree/master/oauth2-demo-1.5

Also, your issue is with “Authorization” and not “Authentication”. Your Angular front-end is trying to make an API call to the Spring Boot backend; it’s not “Authorized” because of an invalid/non-existent access token. Hopefully, you can use the linked demo application for your use case.
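
The reply above attributes the 401 to an invalid or missing access token. As an added example (not part of the thread or of the linked Okta samples), this Node.js helper classifies what is wrong with a request's `Authorization` header, assuming the access token is a JWT; the function names, issuer and audience values are constructed for illustration.

```javascript
// Added diagnostic example; names and sample values are constructed.
// Claims are decoded WITHOUT signature verification: debugging aid only,
// the backend must still validate the token against the issuer's keys.

function decodePart(part) {
  const b64 = part.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// headers: plain object of request headers; expected: { issuer, audience }
function diagnoseBearer(headers, expected, nowSec) {
  // HTTP header names are case-insensitive.
  const key = Object.keys(headers).find(k => k.toLowerCase() === 'authorization');
  if (!key) return 'MISSING_HEADER';
  const m = /^Bearer\s+(\S+)$/i.exec(String(headers[key]).trim());
  if (!m) return 'NOT_BEARER';
  const parts = m[1].split('.');
  if (parts.length !== 3) return 'NOT_A_JWT';
  let claims;
  try {
    claims = decodePart(parts[1]);
  } catch (e) {
    return 'BAD_PAYLOAD';
  }
  if (claims === null || typeof claims !== 'object') return 'BAD_PAYLOAD';
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) return 'EXPIRED';
  if (claims.iss !== expected.issuer) return 'WRONG_ISSUER';
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(expected.audience)) return 'WRONG_AUDIENCE';
  return 'CLAIMS_OK'; // signature still unchecked here
}

// Builds an unsigned, constructed token so the example runs offline.
function makeSampleToken(claims) {
  const enc = o => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return [enc({ alg: 'RS256' }), enc(claims), 'constructed-signature'].join('.');
}

const EXPECTED = { issuer: 'https://idp.example.test/oauth2/default', audience: 'api://default' };
const NOW = 1700000000; // fixed clock so results are reproducible
const good = makeSampleToken({ iss: EXPECTED.issuer, aud: EXPECTED.audience, exp: NOW + 3600 });
const stale = makeSampleToken({ iss: EXPECTED.issuer, aud: EXPECTED.audience, exp: NOW - 60 });

console.log(diagnoseBearer({}, EXPECTED, NOW));
console.log(diagnoseBearer({ Authorization: 'Bearer ' + stale }, EXPECTED, NOW));
console.log(diagnoseBearer({ authorization: 'Bearer ' + good }, EXPECTED, NOW));
```

`MISSING_HEADER` points at the front end not attaching the token to API calls; the other results point at the token itself or at the issuer and audience the backend is configured to expect.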