Spring Boot with Okta

Posted By : Amit Mishra | 28-Jun-2021

Introduction

In this post, we're going to talk about using Okta with OAuth2. You might be aware that Spring has shifted its OAuth2 support into Spring Security: Spring originally maintained OAuth as a separate project, but once it became popular Spring decided to rewrite the OAuth support inside Spring Security. You can still use Spring's legacy OAuth project if you like, but it is in maintenance mode and you won't get future updates, as Spring's core team has moved this work to Spring Security.

A quick review of what we're going to do: we will set up authentication for a Spring Boot application using the Okta-hosted login page. For that you need to register yourself on Okta.

Once you've registered on Okta, you need to register your local application there as well. The moment you register the application you get a client id and a client secret, which we will use in our Spring Boot application to leverage OAuth.

Getting Started

Adding dependencies -

The core dependencies you need in order to use Okta are:

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-oauth2-client</artifactId>
        </dependency>
        <dependency>
            <groupId>com.okta.spring</groupId>
            <artifactId>okta-spring-boot-starter</artifactId>
            <version>1.4.0</version>
        </dependency>

Jump right to your application properties and add the following entries to your application properties/YAML file.

okta:
  oauth2:
    issuer: https://something.okta.com/oauth2/default
    client-id: some-alphanumeric-words
    client-secret: some-alphanumeric-words
    redirect-uri: /authorization-code/callback
    scopes:
    - profile
    - email
    - openid

spring:
  security:
    oauth2:
      client:
        provider:
          okta:
            user-name-attribute: email

Explanation

            okta.oauth2.issuer : Custom authorization server issuer URL.
            okta.oauth2.client-id : OAuth2 client id value.
            okta.oauth2.client-secret : OAuth2 client secret value.
            okta.oauth2.redirect-uri : Login route path. This property should NOT be used with applications that have multiple OAuth2 providers. NOTE: this does NOT work with WebFlux, where the redirect URI will always be /login/oauth2/code/okta.
            spring.security.oauth2.client.provider.okta.user-name-attribute : Name of the attribute that will be used to extract the username from the response of the 'userInfoUri' call (email in the YAML above).
            okta.oauth2.scopes : Authorization scopes requested at login.

Configuration 

Once you have these properties in your application, you may still want to configure a few things to get it working. Create a class, give it a name, and have it extend WebSecurityConfigurerAdapter as you normally do in Spring Security.

As usual, override the configure method of the parent class and configure Okta this way.

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                // every request must come from an authenticated user
                .anyRequest().authenticated()
                .and()
            // register the application as an OAuth2 client (authorization code flow against Okta)
            .oauth2Client()
                .and()
            // send unauthenticated users to the Okta-hosted login page
            .oauth2Login();
    }
}


Once you have this, you're ready to use the Okta-hosted login page for your application. Browse to localhost:8080 and you will be redirected to a login page hosted by Okta, where you log in with your Okta credentials. Once you're authenticated, you can access the protected resources.

Note - If you're currently logged in to your Okta console (the account you set up for Okta), the application will not ask you to log in, because Okta already has a browser session for you. In that case open localhost:8080 in an incognito window or try another browser.
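As an added example that is not part of the original post, here is the same configuration written in the SecurityFilterChain bean style that Spring Security introduced to replace WebSecurityConfigurerAdapter (deprecated since Spring Security 5.7), plus an RP-initiated logout handler so that signing out of the application also ends the Okta-hosted session that causes the automatic login described in the note above. It assumes Spring Security 5.7 or later and that the Okta starter has registered the client from the okta.oauth2.* properties; the class name OktaSecurityConfig is my own.

```java
// Added example, not from the original post: component-based Spring Security config
// for the Okta-hosted login, with OIDC RP-initiated logout.
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.oauth2.client.oidc.web.logout.OidcClientInitiatedLogoutSuccessHandler;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class OktaSecurityConfig {

    // Populated by the Okta starter from okta.oauth2.issuer / client-id / client-secret.
    private final ClientRegistrationRepository clientRegistrations;

    public OktaSecurityConfig(ClientRegistrationRepository clientRegistrations) {
        this.clientRegistrations = clientRegistrations;
    }

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // every request must come from an authenticated user, as in the post
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            // redirect unauthenticated users to the Okta-hosted login page
            .oauth2Login(Customizer.withDefaults())
            // POST /logout clears the local session and then ends the Okta session
            .logout(logout -> logout.logoutSuccessHandler(oidcLogoutSuccessHandler()));
        return http.build();
    }

    private OidcClientInitiatedLogoutSuccessHandler oidcLogoutSuccessHandler() {
        OidcClientInitiatedLogoutSuccessHandler handler =
            new OidcClientInitiatedLogoutSuccessHandler(clientRegistrations);
        // {baseUrl} resolves to the application's own base URL (e.g. http://localhost:8080)
        handler.setPostLogoutRedirectUri("{baseUrl}/");
        return handler;
    }
}
```

Okta only redirects back after logout to URLs registered as sign-out redirect URIs for the application, so add the application's base URL there in the Okta console.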

About Author

Amit Mishra

Amit is a Spring web developer. He has good knowledge of Spring Cloud, Spring Boot, Spring MVC, Hibernate, and template engines like JSP and Thymeleaf.
