Spring Boot with Okta
Posted By : Amit Mishra | 28-Jun-2021
Introduction
In this post, we're going to talk about using Okta with OAuth2. You may be aware that Spring has moved its OAuth2 support into Spring Security: Spring originally had OAuth as a separate project, but once it became popular the Spring team decided to rewrite it within Spring Security. You can still use Spring's legacy OAuth project if you like, but it is in maintenance mode and won't receive future updates, as Spring's core team has decided to move this functionality to Spring Security.
A quick review of what we're going to do: we will set up authentication for a Spring Boot application using the Okta-hosted login page. For that, you need to register on Okta.
Once you've registered, you need to register your local application with Okta. When you register the application, you get the client ID and client secret that we will use in our Spring Boot application to leverage OAuth.
Getting Started
Adding dependencies
The core dependencies you need in order to use Okta are:
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-oauth2-client</artifactId>
</dependency>
<dependency>
    <groupId>com.okta.spring</groupId>
    <artifactId>okta-spring-boot-starter</artifactId>
    <version>1.4.0</version>
</dependency>
Next, open your application properties/YAML file and add the following properties.
okta:
  oauth2:
    issuer: https://something.okta.com/oauth2/default
    client-id: some-alphanumeric-words
    client-secret: some-alphanumeric-words
    redirect-uri: /authorization-code/callback
    scopes:
      - profile
      - email
      - openid
spring:
  security:
    oauth2:
      client:
        provider:
          okta:
            user-name-attribute: email
Explanation
okta.oauth2.issuer : Custom authorization server issuer URL.
okta.oauth2.client-id : OAuth2 client ID value.
okta.oauth2.client-secret : OAuth2 client secret value.
okta.oauth2.redirect-uri : Login route path. This property should NOT be used with applications that have multiple OAuth2 providers. NOTE: this does NOT work with WebFlux, where the redirect URI will always be: /login/oauth2/code/okta
spring.security.oauth2.client.provider.okta.user-name-attribute : Name of the attribute that will be used to extract the username from the call to 'userInfoUri'.
okta.oauth2.scopes : Authorization scopes.
Configuration
With the above properties in place, you need to configure a few things to get your application working. Create a class, give it a name, and have it extend WebSecurityConfigurerAdapter, as you would for Spring Security.
As usual, override the configure method of the parent class and configure Okta this way:
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                // Every request requires an authenticated user.
                .anyRequest()
                .authenticated()
                .and()
                // Enable OAuth2 client support.
                .oauth2Client()
                .and()
                // Unauthenticated users are redirected to the Okta-hosted login page.
                .oauth2Login();
    }
}
Once you have this, you're ready to use the Okta-hosted login page for your application. Browse to localhost:8080 and it will redirect you to a login page hosted by Okta, where you log in with your Okta credentials. Once you're authorized, you can access protected resources.
Note - If you're currently logged in to your Okta console (the account you set up for Okta), the application will not ask you to log in. You may need to open localhost:8080 in an incognito window or try another browser.
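To check what the login produces, the controller below returns a few claims of the signed-in user. It is an added example, not code from the original post: the class name WhoAmIController and the /me path are hypothetical, and it assumes spring-boot-starter-web is on the classpath.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

// Added example: hypothetical controller, not part of the original post.
@RestController
public class WhoAmIController {

    // /me is a hypothetical path; it is protected by anyRequest().authenticated().
    @GetMapping("/me")
    public Map<String, Object> me(@AuthenticationPrincipal OidcUser user) {
        // Authorities Spring Security derived for this login
        // (granted scopes appear with a SCOPE_ prefix).
        List<String> authorities = user.getAuthorities().stream()
                .map(GrantedAuthority::getAuthority)
                .sorted()
                .collect(Collectors.toList());

        // Return selected claims only, never the raw ID token or access token.
        Map<String, Object> view = new LinkedHashMap<>();
        // getName() is the claim selected by user-name-attribute (email here);
        // without that property it would be the opaque "sub" claim.
        view.put("name", user.getName());
        view.put("subject", user.getSubject());
        view.put("email", user.getEmail());
        view.put("emailVerified", user.getEmailVerified());
        view.put("issuer", String.valueOf(user.getIssuer()));
        view.put("expiresAt", String.valueOf(user.getExpiresAt()));
        view.put("authorities", authorities);
        return view;
    }
}
```

After logging in, open localhost:8080/me: "name" should match the account's email address, and "issuer" should match the okta.oauth2.issuer value configured above.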
About Author
Amit Mishra
Amit is a Spring web developer. He has good knowledge of Spring Cloud, Spring Boot, Spring MVC, Hibernate, and some template engines like JSP and Thymeleaf.