Spring Boot with Okta

Posted By : Amit Mishra | 28-Jun-2021


In this post, we're going to task about using okta with oauth2. You might be aware that the spring has shifted the oauth2 support to spring security meaning spring had OAuth as a separate project but when it got popular then spring has decided to rewrite the OAuth with spring security. You can still use spring's legacy OAuth if you like but the project is in maintenance mode and you won't be getting future updates
as spring's core team has decided to move this to spring security.

A quick review of what we're going to do, we will set up authentication for a spring boot application using the okta hosted login page. For that you 
need to register yourself on okta.

Once you've registered on okta, you would need to register your local application on okta, the moment you register your application you get 
the client id and client secret that we will be using in our spring boot applications to leverage the feature of OAuth.

Getting Started

Adding dependency - 

Core dependencies that you would need to use okta is : 


Jump right to your application properties files and add the following properties in your application properties/YAML file.

    issuer: https://something.okta.com/oauth2/default
    client-id: some-alphanumeric-words
    client-secret: some-alphanumeric-words
    redirect-uri: /authorization-code/callback
    - profile
    - email
    - openid

            user-name-attribute: email


            okta.oauth2.issuer : Custom authorization server issuer URL
            okta.oauth2.clientId : OAuth2 clientId value.
            okta.oauth2.client-secret : OAuth2 client secret value.
            okta.oauth2.redirect-uri : Login route path. This property should NOT be used with applications that have multiple OAuth2 providers. NOTE: this does NOT work with WebFlux, where the redirect URI will always be: /login/oauth2/code/okta
            spring.security.oauth2.client.provider.okta.username-attribute : Name of the attribute that will be used to extract the username from the call to 'userInfoUri'. 
            okta.oauth2.scopes : Authorization scopes.



When we have the following properties in our application. You may want to configure a few things to get your application working. Create a 
class and give it some name and extend your class to WebSecurityConfigurer adapter as you do in spring security.

The same process, you need to override the configure method of the parent class and configure okta this way.

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

public class SecurityConfig extends WebSecurityConfigurerAdapter {

    protected void configure(HttpSecurity http) throws Exception {


Once you have this you're good to use the okta hosted login page for your application. Browse to localhost:8080 and it will redirect you to a login page hosted by okta and you need to use your okta login credentials to log in there. Once you're authorized you're good to access protected resources.

Note - Please note that if you're currently logged in to your okta console meaning the account you've set up for okta, in that case, the application will not ask you to log in to you may need to open localhost:8080 on incognito window or try out some other browser. 

About Author

Author Image
Amit Mishra

Amit is a spring web developer. He has good knowledge of Spring Cloud, Spring Boot, Spring MVC, Hibernate, and some template engines like jsp and thymleaf.

Request for Proposal

Name is required

Comment is required

Sending message..