Troubles getting my accessToken in my java backend app

Hi guys,
I’m working on a test that connects to Okta to use it as an OpenID server, but I’m having trouble making it work. This is probably something common, but I couldn’t find a question similar to this.
To be more specific, my app is a Java 8 backend app on OS X. I was provided the client id, the client secret and the redirect_uri of the app registered in Okta, and I’m trying to get the access token by using the authorization code grant type.
First thing I do is to get the access token from console using curl.
For that I follow these four steps:

  1. Call the v1/authorize service to get the code
  2. Login to Okta is required, so I log in from the browser
  3. From this I get the location url. I go to the browser, paste it and get the code.
  4. Call the /v1/token using the code provided to get the access token

This works great! So now I want to do it from my java app. I tried these steps, but something with the login to okta is not working. I was reading these docs
https://developer.okta.com/docs/api/resources/oauth2.html#obtain-an-authorization-grant-from-a-user
https://developer.okta.com/docs/api/resources/authn.html#authentication-operations
but I couldn’t make it work.

I follow these steps

  1. Call the v1/authn service to connect with okta
  2. This service gives me a session token. So now I want to call v1/authorize service with that info. I also added cookies and headers from the response that authn service returned (tried with all nine alternatives: all info, without cookies, without headers, etc).
    2.1 If I use all this data, a 404 is returned
    2.2 If I don’t use one of them (any one) I get a 200, but the payload is an HTML page that I’m pretty sure is the Okta login page. Location is not there, of course.
    This is the code I use to get the location
    requestSpecification.relaxedHTTPSValidation(TLS)
        .queryParam("response_type", "code")
        .queryParam("client_id", OPEN_ID_CLIENT_ID)
        .queryParam("scope", scope)
        .queryParam("state", "123")
        .queryParam("nonce", "avalue")
        .queryParam("redirect_uri", OPEN_ID_REDIRECT_URI)
        .queryParam("sessionToken", oktaSessionToken)
        .cookies(cookiesMap)
        .headers(headersMap)
        .get(CODE_URL)
    cookiesMap, headersMap and oktaSessionToken are the returned values from authn
    This is the head of the HTML I’m getting (might be useful?)
<script>if (typeof module === 'object') {window.module = module; module = undefined;}</script>

<title>******* - Sign In</title>
    <meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="robots" content="none" />

<link href="https://op1static.oktacdn.com/assets/loginpage/css/okta-sign-in.min.94146f30b6c2e51c29ed6e53ea6d1e8.css" type="text/css" rel="stylesheet"/><link href="https://op1static.oktacdn.com/assets/loginpage/css/loginpage-theme.d04e4505faecdbf6ef389aa3337dd6.css" type="text/css" rel="stylesheet"/><script>
    var okta = {
        locale: 'en'
    };
</script>
<script>window.okta || (window.okta = {}); okta.cdnUrlHostname = "//op1static.oktacdn.com"; okta.cdnPerformCheck = false;</script><script>window.okta || (window.okta = {});window.okta.mixpanel = true;</script><script>if (window.module) module = window.module;</script>

Could anyone tell me what I’m doing wrong? I hope I’m not missing any useful information.
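
Steps 3 and 4 of the curl procedure in the post above depend on reading the `code` out of the redirect's Location URL. As an added example (not part of the original post or of Okta's samples), this is one way a Java 8 backend could validate that URL before calling /v1/token, using a random `state` per request instead of a fixed value; the class and method names, the example.com URLs and the sample code value are assumptions made up for illustration.

```java
import java.net.URI;
import java.net.URLDecoder;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

public class AuthCodeRedirect {          // hypothetical helper, not an Okta API
    // Fresh, unguessable value to send as "state" (or "nonce") on each authorize request.
    static String randomToken() {
        byte[] b = new byte[32];
        new SecureRandom().nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }

    // Validates the Location URL returned by the authorize call and returns the code.
    static String extractCode(String location, String redirectUri, String expectedState)
            throws Exception {
        URI loc = URI.create(location), reg = URI.create(redirectUri);
        if (!reg.getScheme().equalsIgnoreCase(loc.getScheme())
                || !reg.getAuthority().equalsIgnoreCase(loc.getAuthority())
                || !reg.getPath().equals(loc.getPath()))
            throw new IllegalStateException("redirect is not to the registered redirect_uri");
        Map<String, String> q = new HashMap<>();
        if (loc.getRawQuery() != null)
            for (String pair : loc.getRawQuery().split("&")) {
                String[] kv = pair.split("=", 2);
                q.put(URLDecoder.decode(kv[0], "UTF-8"),
                      kv.length > 1 ? URLDecoder.decode(kv[1], "UTF-8") : "");
            }
        // Check state first: a mismatch means this response does not belong to our request.
        String state = q.getOrDefault("state", "");
        if (!MessageDigest.isEqual(state.getBytes("UTF-8"), expectedState.getBytes("UTF-8")))
            throw new IllegalStateException("state mismatch");
        if (q.containsKey("error"))      // error responses carry error/error_description
            throw new IllegalStateException(q.get("error") + ": " + q.get("error_description"));
        String code = q.get("code");
        if (code == null || code.isEmpty())
            throw new IllegalStateException("no code parameter in redirect");
        return code;
    }

    public static void main(String[] args) throws Exception {
        String state = randomToken();
        // Constructed sample Location value; host, path and code are placeholders.
        String location = "https://app.example.com/callback?code=SAMPLE_CODE&state=" + state;
        System.out.println(extractCode(location, "https://app.example.com/callback", state));
        try { extractCode(location, "https://app.example.com/callback", "123"); }
        catch (IllegalStateException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```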

You might want to check out https://github.com/okta/samples-java-spring-mvc or https://github.com/okta/samples-java-dropwizard to see how the flow should work.

Hi, thanks for the reply!
I’m looking at the code, but I’m not able to see clearly how the step I need is done. It’s using Node.js and Angular, which I’m not familiar with, so I’m sure I’m missing something, but as far as I can see these examples include a front end, which I will not have to do my tests.
I see there is some custom sign in widget which makes me wonder if this could be used on the backend or not.
I think I understand the flow as I explained in the previous post (as I said, this works fine if I use curl), but I must be missing something in the call to get the code, some cookie or so, as my problem is that I’m not staying logged in to Okta.
Could you guide me to find this in these examples?