Tags: authentication, jwt, single-sign-on, access-token, okta

How to get the Okta login page in a Java application


I am new to Okta and not sure if I understand things correctly.

I have an existing Java web application and it's deployed on 2 Tomcat servers; one for the UI and one for the Services. Right now we are using Red Hat SSO in the UI to log in, and there is no Spring in the UI code.

Now I have to use Okta instead of Red Hat SSO. I have followed the steps mentioned here: https://developer.okta.com/blog/2018/09/12/secure-java-ee-rest-api

Instead of the below:

    jwtVerifier = new JwtHelper()
            .setIssuerUrl("https://{yourOktaDomain}/oauth2/default")
            .setClientId("{yourClientId}")
            .build();

I used the below:

    AccessTokenVerifier jwtVerifier = JwtVerifiers.accessTokenVerifierBuilder()
            .setIssuer("https://dev-xxxx.okta.com/oauth2/aus2ibr84krwxxxx")
            .setAudience("testAudience")
            .setConnectionTimeout(Duration.ofSeconds(1))
            .setReadTimeout(Duration.ofSeconds(1))
            .build();

Both of the above code snippets are working fine without any issue, but when I try to hit the sign-in URL I am getting a 401 status code.

I also tried the below ones with .setAudience("api://default"):

    //.setIssuer("https://dev-xxx.okta.com/oauth2/default")
    //.setIssuer("https://dev-xxx.okta.com")
    //.setIssuer("https://dev-xxx.okta.com/api/v1/authorizationServers/default")

Then I was thinking that I need to validate the token in the first place. So I added the below piece of code to validate the token with the default one. It's failing when I call decode. Initially I got "Caused by: io.jsonwebtoken.MalformedJwtException: Unable to read JSON value: ??i???z???N?". Then I created another token and used that. Now I am getting "com.okta.jwt.JwtVerificationException: Token did not contain signature".

    try {
        // decode() verifies the signature, issuer, audience and expiry of a compact JWT
        Jwt jwt = jwtVerifier.decode("C4o4J2aspA68D5si1bRd9YXd_ushOGH4x7UnHlMsL8");
        return (String) jwt.getClaims().get("uid");
    } catch (JwtVerificationException e) {
        log.error("local introspect error", e);
        return null;
    }

Do we really need to validate the token explicitly in the code? If so, how do I get the token from Okta? I assume the application is hitting the Okta server and it's not authorizing for some reason.

Can someone please help me clarify my doubt, or point me to a working example which I can use, or shed some light on my issue? Note: not using Maven, still with ANT.
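For reference, here is how the verifier built in the question is normally used on the Services tier: a servlet filter that takes the access token from the `Authorization: Bearer` header of each request and rejects the request with 401 when the token is missing, is not a compact JWT, or fails verification. This is an added example, not code from the question or from the Okta blog post; the issuer, audience and the `OktaBearerFilter` name are placeholders and assumptions, and the three-segment shape check in `extractBearerToken` is an added defensive check that is not part of the okta-jwt-verifier API.

```java
import java.io.IOException;
import java.time.Duration;
import java.util.Map;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.okta.jwt.AccessTokenVerifier;
import com.okta.jwt.Jwt;
import com.okta.jwt.JwtVerificationException;
import com.okta.jwt.JwtVerifiers;

/**
 * Services-tier filter: every request must carry "Authorization: Bearer <access token>",
 * and the token is verified locally against the keys published by the issuer.
 * ISSUER and AUDIENCE are placeholders (assumption); they must match the "iss" and
 * "aud" claims of the tokens Okta mints for this authorization server.
 */
public class OktaBearerFilter implements Filter {

    private static final String ISSUER = "https://{yourOktaDomain}/oauth2/default";
    private static final String AUDIENCE = "api://default";

    private AccessTokenVerifier verifier;

    @Override
    public void init(FilterConfig filterConfig) {
        // Build once per filter: the verifier caches the JWKS it fetches from the issuer.
        verifier = JwtVerifiers.accessTokenVerifierBuilder()
                .setIssuer(ISSUER)
                .setAudience(AUDIENCE)
                .setConnectionTimeout(Duration.ofSeconds(2))
                .setReadTimeout(Duration.ofSeconds(2))
                .build();
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        String token = extractBearerToken(request.getHeader("Authorization"));
        if (token == null) {
            response.setHeader("WWW-Authenticate", "Bearer");
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        try {
            // decode() checks signature, issuer, audience and expiry; anything else is a failure.
            Jwt jwt = verifier.decode(token);
            Map<String, Object> claims = jwt.getClaims();
            request.setAttribute("subject", claims.get("sub"));
            chain.doFilter(req, res);
        } catch (JwtVerificationException e) {
            // Keep the reason in server logs only; the client just sees 401.
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        }
    }

    /**
     * Returns the token from "Bearer <token>", or null when the header is absent or the
     * value is not a compact JWT. A compact JWT has exactly three base64url segments
     * separated by dots; a value of any other shape (for example an opaque string) cannot
     * carry a signature, so it is rejected before decode() is ever called.
     */
    static String extractBearerToken(String header) {
        if (header == null || !header.regionMatches(true, 0, "Bearer ", 0, 7)) {
            return null;
        }
        String token = header.substring(7).trim();
        if (!token.matches("[A-Za-z0-9_-]+\\.[A-Za-z0-9_-]+\\.[A-Za-z0-9_-]+")) {
            return null;
        }
        return token;
    }

    @Override
    public void destroy() {
    }
}
```

Register the filter in `web.xml` on the Services Tomcat for the protected URL patterns. The access token itself is obtained on the UI side by completing the authorization code flow (the browser is redirected to Okta, comes back with a code, and the code is exchanged for tokens at the issuer's token endpoint); the value the question passes to `decode` has no dot-separated segments, which is the shape the "Token did not contain signature" error points at.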


Solution

  • Followed this URL and got the login page: https://developer.okta.com/docs/guides/implement-grant-type/authcode/main/#grant-type-flow

    Constructed the URL as mentioned there and called sendRedirect to get the login page.
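The redirect described in the solution, written out as a plain servlet for the UI Tomcat (no Spring). This is an added example, not the answerer's code or the Okta guide's code: it builds the authorization URL for the authorization code flow, binds an unguessable `state` value to the session so the callback can be checked against it, and sends the browser to Okta. The class name, the `{...}` placeholders and the `oauth_state` session attribute are assumptions; the `/v1/authorize` path and the `client_id`, `response_type`, `scope`, `redirect_uri` and `state` parameters are those of the Okta authorization endpoint used by the linked guide.

```java
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * UI-tier servlet: redirects the browser to the Okta login page by building the
 * authorization URL for the authorization code flow. Values in braces are
 * placeholders (assumption) to be replaced with the real Okta application settings.
 */
public class LoginRedirectServlet extends HttpServlet {

    private static final String ISSUER = "https://{yourOktaDomain}/oauth2/default";
    private static final String CLIENT_ID = "{yourClientId}";
    // Must be registered on the Okta application exactly as it is sent here.
    private static final String REDIRECT_URI = "https://{yourUiHost}/authorization-code/callback";
    private static final String STATE_ATTR = "oauth_state";

    private static final SecureRandom RANDOM = new SecureRandom();

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Fresh, unguessable state per login attempt, remembered in the session so that a
        // callback which this session did not start can be rejected.
        String state = randomState();
        request.getSession(true).setAttribute(STATE_ATTR, state);

        response.sendRedirect(buildAuthorizeUrl(ISSUER, CLIENT_ID, REDIRECT_URI, state));
    }

    /** Builds {issuer}/v1/authorize?... with every parameter value URL-encoded. */
    static String buildAuthorizeUrl(String issuer, String clientId, String redirectUri, String state) {
        return issuer + "/v1/authorize"
                + "?client_id=" + encode(clientId)
                + "&response_type=code"
                + "&scope=" + encode("openid profile")
                + "&redirect_uri=" + encode(redirectUri)
                + "&state=" + encode(state);
    }

    /**
     * For the callback servlet: true only when the "state" query parameter equals the
     * value stored in this session. The stored value is removed so it cannot be replayed.
     */
    static boolean consumeState(HttpServletRequest callback) {
        HttpSession session = callback.getSession(false);
        if (session == null) {
            return false;
        }
        Object expected = session.getAttribute(STATE_ATTR);
        session.removeAttribute(STATE_ATTR);
        String actual = callback.getParameter("state");
        return expected != null && actual != null && expected.equals(actual);
    }

    private static String randomState() {
        byte[] bytes = new byte[32];
        RANDOM.nextBytes(bytes);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(bytes);
    }

    private static String encode(String value) {
        try {
            return URLEncoder.encode(value, StandardCharsets.UTF_8.name());
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException(e); // UTF-8 is always available
        }
    }
}
```

Map the servlet to the application's login path in `web.xml`. The callback servlet at `REDIRECT_URI` should call `consumeState` before doing anything with the `code` parameter, then exchange the code for tokens at the issuer's token endpoint; the access token from that exchange is what the Services tier verifies.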