Hi Ranchers,
Hope everyone is doing fine in their lives...
It has been a long time since I last visited this forum!
JavaRanch has always been a go-to forum for me rather than any other forum for any Java-related issue, and I am happy to be back after such a long time!
I am currently working on the Quarkus framework, where I am creating an OIDC integration with Okta, and I am following the Authorization Code Flow!
Here are the complete details of the flow and where I am currently stuck:
1) Registered a web app integration with the OKTA provider, from which we get details like clientId, clientSecret, clientName, Authorize Endpoint URL, UserInfo URL and Token URL.
It also consists of
- sign in redirect url - which is a login callback.
1) The user / user browser agent sends a request to a REST endpoint, which redirects to an Authorize Endpoint:
2) Authorize endpoint - the endpoint consists of 6 parameters:
- clientId
- grant type
- scope
- redirect-uri
- state
- nonce
3) If the user is not signed in, Okta should send the login form or page to the user's browser, asking the user to enter user/password and give consent.
4) Once the user gives consent and the user is authenticated, it verifies the consent and returns the "code" and "state" parameters.
5) The code is then exchanged at the Authorisation Server's token endpoint for an ID Token.
I tried to implement it in the following way:
Authorise Url:
Configuration in application.properties:
So now I am hitting the URL:
http://localhost:8080/api/user/authorise, which redirects the browser to the OKTA server app using the OIDC-compliant Authorize URL as follows:
https://dev-72806982.okta.com/oauth2/v1/authorize?clientId=0oa6poeyh6dX58xQn5d7&scope=openid&response_type=code&redirect_uri=https://dev-72806982.okta.com/enduser/callback&response_mode=fragment&state=PUhK0dJqP&nonce=tsvxgewnft
So the URL -> my authorise endpoint -> Okta authorise URL endpoint redirection happens smoothly.
Since the user is not authenticated, the Okta server should send me the Okta sign-in page for entering the credentials and user consent, but
it is not happening and I am getting a 400 BadRequestException.
Can anybody help me get the above issue resolved?
The Okta app configuration is as follows; it consists of
client ID,
client Secret,
grant type- authorization code,
User consent-require consent,
sign in redirect url:
https://dev-72806982.okta.com/enduser/callback,
login initiated by: Either Okta or App,
login flow : Redirect to app to initiate login (OIDC Compliant)
initiate login uri:
https://dev-72806982.okta.com/enduser/callback
Help is always appreciated.
Regards.
-Pankaj.
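As an added illustration of the flow described in this post (not code from the poster, Quarkus or Okta), here is a Python sketch that builds the authorize redirect using the parameter names OAuth 2.0 and OIDC define (`client_id`, `response_type`, `scope`, `redirect_uri`, `state`, `nonce`), checks `state` on the callback, and prepares the body for the code-for-token exchange. The issuer, client id, secret and redirect URI are constructed placeholders; in a real deployment the redirect URI is the application's own callback and must exactly match the one registered with the provider.

```python
"""Authorization Code flow helpers: authorize redirect, callback check,
token-exchange body (added example, not from the original post)."""
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed placeholders; real values come from the Okta app registration.
ISSUER = "https://example.okta.com/oauth2"            # hypothetical issuer base
CLIENT_ID = "client-id-placeholder"
REDIRECT_URI = "http://localhost:8080/api/user/callback"  # the app's own callback


def new_token() -> str:
    """Unguessable value for state (CSRF binding) and nonce (replay check)."""
    return secrets.token_urlsafe(24)


def build_authorize_url(issuer, client_id, redirect_uri, state, nonce, scope="openid"):
    """Authorize redirect with the standard OAuth 2.0 / OIDC parameter names."""
    params = {
        "client_id": client_id,        # spec name is client_id, not clientId
        "response_type": "code",       # Authorization Code flow
        "scope": scope,                # "openid" is required for OIDC
        "redirect_uri": redirect_uri,  # must match a registered sign-in redirect URI
        "state": state,                # stored in the session, verified on return
        "nonce": nonce,                # echoed in the ID token, verified after exchange
    }
    return f"{issuer}/v1/authorize?{urlencode(params)}"


def parse_callback(callback_url, expected_state):
    """Return the code from the callback; reject errors and state mismatches."""
    query = parse_qs(urlsplit(callback_url).query)
    if "error" in query:
        raise ValueError(f"provider returned error: {query['error'][0]}")
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: possible CSRF or stale login attempt")
    return query["code"][0]


def token_request_body(code, client_id, client_secret, redirect_uri):
    """Form body for the token endpoint (step 5: exchange code for tokens)."""
    return urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,  # same value as in the authorize request
        "client_id": client_id,
        "client_secret": client_secret,
    })


if __name__ == "__main__":
    state, nonce = new_token(), new_token()
    print(build_authorize_url(ISSUER, CLIENT_ID, REDIRECT_URI, state, nonce))
```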