OKTA integration with SpringBoot — Micro Services
A few days back I received a requirement to integrate two microservices. Microservice A is a UI component that does authentication and should be able to communicate with Microservice B.
That's a simple and straightforward requirement, but it took quite some time to figure everything out. These are the steps we followed to get it working.
Set up OKTA app
This step creates an OKTA application that can handle the authorization code flow. For my use case, I chose Web Application.
- Log in to OKTA, go to Applications > Add Application > select 'Web' application. Keep all the default settings and click 'Done'.
- Note the client credentials (Client ID and Client Secret).

Authorize and Access Token:
We are not going to use the UI component here. Instead we use Postman to authorize. Invoking the OKTA authorize service will redirect to the default authentication screen for you to enter your user name and password.
Get the following details from the OKTA dev console.
1. API > Authorization Servers > Issuer URI:
https://<<orgname>>.oktapreview.com/oauth2/default
2. client_id and redirect_uri from the OKTA application's General information tab.
3. Frame the following URL and access it in your browser:
https://<<orgname>>.oktapreview.com/oauth2/default/v1/authorize?client_id=<<client id>>&redirect_uri=<<redirect url>>&response_type=code&scope=openid&state=randomstate-asdf
4. You will see the default OKTA login screen. Log in with the user you created to access this app.

5. Notice that after the login succeeds, you are redirected to the redirect URL you specified, with code and state parameters in the URL.
In this example you will see something like this:
http://localhost:8080/authorization-code/callback?code=MEIgEHtlPTzQNGLp5A&state=randomstate-asdf
You need to take the code from this URL. Note that the code is valid only for 60 seconds.
At this point you are done with authorization. You now have to get the access token by calling the token service.
To get the access token we need the following input params.
- Client ID, Client Secret and redirect URL from the General tab in the OKTA dev console.
- Open Postman, select a POST request and start filling in the following information:
URL: https://<<orgname>>.oktapreview.com/oauth2/default/v1/token
Select Body and set the content type to "application/x-www-form-urlencoded".
Start entering the key/value pairs:
Key/Value:
grant_type/authorization_code
redirect_uri/http://localhost:8080/authorization-code/callback
code/<<from above>> (e.g. MEIgEHtlPTzQNGLp5A)


So far we have what we need. To communicate with the OKTA token service we also need basic authorization. For that, select Authorization and then "Basic Authorization".
username: <<client id>>
password: <<client secret>>

That's it. Click Send and you will see a response like the one below:
{
"access_token": "eyJraWQiOiJlQkVCUm9VT2dJM2dCY1…",
"token_type": "Bearer",
"expires_in": 3600,
"scope": "openid",
"id_token": "eyJraWQiOiJlQkVCUm9VT2dJM2dCY1ljWVEz…"
}
HTTP 403 error: it took me a few hours on the office network to find out why I was getting a 403 error. It was all because Postman was not picking up the proxy settings. I had to use curl with the proxy setting to get a response like the one above.
The second part is completed. In the next part, let's find out how to use the access_token to access microservice B.
Microservice B can be accessed only with a valid access token.
In the above code base, update the properties according to your OKTA application. Once the application is started, use Postman to test it.
Take the access token from the step above and use it as the bearer token in Postman's authorization settings.
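As an added example (not code from the original post), here are the authorize URL, the callback handling and the token request from the steps above in Python, using a random `state` that is checked when the callback arrives instead of a fixed string. The org name `example-org` and the function names are assumptions; the token request is built but not sent.

```python
import base64
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Placeholders (assumed): substitute the values of your own OKTA application.
ISSUER = "https://example-org.oktapreview.com/oauth2/default"
REDIRECT_URI = "http://localhost:8080/authorization-code/callback"

def new_state() -> str:
    """Unpredictable per-login value; keep it in the user's session."""
    return secrets.token_urlsafe(24)

def authorize_url(client_id: str, state: str) -> str:
    """Step 3: the /v1/authorize URL that is opened in the browser."""
    query = urlencode({
        "client_id": client_id,
        "redirect_uri": REDIRECT_URI,
        "response_type": "code",
        "scope": "openid",
        "state": state,
    })
    return f"{ISSUER}/v1/authorize?{query}"

def code_from_callback(callback_url: str, expected_state: str) -> str:
    """Step 5: return the code only if state matches the value we sent."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: discard this callback")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]

def token_request(code: str, client_id: str, client_secret: str):
    """The POST to /v1/token as (url, headers, body); nothing is sent."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({"grant_type": "authorization_code",
                      "redirect_uri": REDIRECT_URI, "code": code})
    return f"{ISSUER}/v1/token", headers, body
```

The tuple returned by `token_request` maps one-to-one onto the Postman fields above: URL, Basic Authorization, and the form-encoded body.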

You should see the response:
"Hello user"
Happy coding.