
Quarkus OIDC with Okta (Okta Enabled Sign in widget does not appear and I get BadRequestException)

 
Hi Ranchers,

Hope everyone is doing fine in their lives...
It has been a long time since I last visited this forum!
JavaRanch has always been a go-to forum for me rather than any other forums for any Java-related issue, and I am happy to be back after such a long time!

I am currently working on the Quarkus framework, where I am creating an OIDC integration with Okta, and I am following the Authorization Code Flow!

Here is the complete detail of the flow and where I am currently stuck:
1) Registered a web app integration with the Okta provider, from where we get details like clientId, clientSecret, clientName, Authorize Endpoint URL, UserInfo URL, Token URL.
   It also consists of
    - sign in redirect url - which is a login callback.

1) The user / the user's browser agent sends a request to a REST endpoint, which redirects to an Authorize endpoint:
2) Authorize endpoint - the endpoint consists of 6 parameters
-clientId
-grant type.
-scope
-redirect-uri
-state
-nonce

3) If the user is not signed in, Okta should send the login form or page to the user's browser, asking the user to enter user/password and give consent.
4) Once the user gives consent and the user is authenticated, it verifies the consent and returns the "code" and "state" parameters.
5) The code is then exchanged with the Authorisation Server's token endpoint for an ID Token.


I tried to implement it in the following way:

Authorise Url:

   

Configuration in application.properties:


 

So now I am hitting the url:
http://localhost:8080/api/user/authorise which redirects the browser to the OKTA server app using the OIDC Compliant Authorize URL as follows:

https://dev-72806982.okta.com/oauth2/v1/authorize?clientId=0oa6poeyh6dX58xQn5d7&scope=openid&response_type=code&redirect_uri=https://dev-72806982.okta.com/enduser/callback&response_mode=fragment&state=PUhK0dJqP&nonce=tsvxgewnft

So the redirection from my authorise endpoint to the Okta authorise URL endpoint happens smoothly.

Since the user is not authenticated, the Okta server should send me the Okta-enabled sign-in page for entering the credentials and user consent, but it is not happening and I am getting a 400 BadRequestException.

Can anybody help me get the above issue resolved?

The Okta app configuration is as follows. It consists of:

client ID,
client Secret,
grant type- authorization code,
User consent-require consent,
sign in redirect url: https://dev-72806982.okta.com/enduser/callback,
login initiated by:  Either Okta or App,
login flow : Redirect to app to initiate login (OIDC Compliant)
initiate login uri:  https://dev-72806982.okta.com/enduser/callback

Help is always appreciated.

Regards.
-Pankaj.
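
An added example, not part of the original post and not Quarkus or Okta code: a stand-alone Java check of an authorization request URL against the parameters that OpenID Connect Core (section 3.1.2.1) requires for the Authorization Code Flow, run on the URL and sign-in redirect URI quoted in the post. The class and method names are assumptions made for this illustration.

```java
import java.net.URI;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.*;

public class AuthorizeRequestCheck {
    // Parameters an Authorization Code Flow request must carry (OIDC Core 3.1.2.1).
    static final List<String> REQUIRED = List.of("scope", "response_type", "client_id", "redirect_uri");

    // Decode the query string into name/value pairs (a repeated name keeps its last value).
    static Map<String, String> queryParams(URI uri) {
        Map<String, String> params = new LinkedHashMap<>();
        String raw = uri.getRawQuery();
        if (raw == null) return params;
        for (String pair : raw.split("&")) {
            if (pair.isEmpty()) continue;
            String[] kv = pair.split("=", 2);
            params.put(URLDecoder.decode(kv[0], StandardCharsets.UTF_8),
                       kv.length > 1 ? URLDecoder.decode(kv[1], StandardCharsets.UTF_8) : "");
        }
        return params;
    }

    // Returns one finding per problem; an empty list means the request is well-formed.
    static List<String> check(String authorizeUrl, String registeredRedirectUri) {
        Map<String, String> p = queryParams(URI.create(authorizeUrl));
        List<String> findings = new ArrayList<>();
        for (String name : REQUIRED)
            if (p.getOrDefault(name, "").isBlank()) findings.add("missing required parameter: " + name);
        if (p.containsKey("scope") && !Arrays.asList(p.get("scope").split(" ")).contains("openid"))
            findings.add("scope does not contain 'openid'");
        if (p.containsKey("response_type") && !"code".equals(p.get("response_type")))
            findings.add("response_type is not 'code'");
        if (p.containsKey("redirect_uri") && !p.get("redirect_uri").equals(registeredRedirectUri))
            findings.add("redirect_uri differs from the registered sign-in redirect URI");
        if ("fragment".equals(p.get("response_mode")))
            findings.add("response_mode=fragment: the browser does not send the fragment to a server-side callback");
        if (p.getOrDefault("state", "").isBlank())
            findings.add("no state value to tie the callback to this request");
        return findings;
    }

    public static void main(String[] args) {
        // Authorize URL and registered sign-in redirect URI exactly as quoted in the post above.
        String url = "https://dev-72806982.okta.com/oauth2/v1/authorize?clientId=0oa6poeyh6dX58xQn5d7&scope=openid&response_type=code&redirect_uri=https://dev-72806982.okta.com/enduser/callback&response_mode=fragment&state=PUhK0dJqP&nonce=tsvxgewnft";
        check(url, "https://dev-72806982.okta.com/enduser/callback").forEach(System.out::println);
    }
}
```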
 