OKTA integration with SpringBoot — Micro Services

Pradeep Batchu
Sep 2, 2018 · 3 min read

A few days back I received a requirement to integrate two microservices. Microservice A is a UI component that does authentication and should be able to communicate with Microservice B.

That’s a simple and straightforward requirement, but it took quite some time to figure everything out. These are the steps we followed to get it working.

Set up OKTA app

This step creates an OKTA application that supports the authorization code flow. For my use case, I chose Web Application.

  1. Log in to OKTA, go to Applications > Add Application > select the ‘Web’ application. Keep all default settings and click ‘Done’.
  2. Note the client credentials (Client ID and Client Secret).

Authorize and Access Token:

We are not going to use a UI component here. Instead we use Postman to authorize. Invoking the OKTA authorize service redirects to the default authentication screen, where you enter the user name and password.

Get the following details from the OKTA dev console.

1. API > Authorization Servers > Issuer URI:
https://<<orgname>>.oktapreview.com/oauth2/default

2. client_id and redirect_uri from the General information tab of the OKTA application.

3. Frame the following URL and open it in your browser:

https://<<orgname>>.oktapreview.com/oauth2/default/v1/authorize?client_id=<<client id>>&redirect_uri=<<redirect url>>&response_type=code&scope=openid&state=randomstate-asdf

4. You will see the default OKTA login screen. Log in with the user you created to access this app.

Default OKTA login screen

5. Notice that after a successful login, you are redirected to the redirect URL you specified, with the code and state parameters appended to the URL.

In this example you will see something like this

http://localhost:8080/authorization-code/callback?code=MEIgEHtlPTzQNGLp5A&state=randomstate-asdf

You need to take the code from this URL. Note that the code is valid for only 60 seconds.

At this point you are done with authorization. Next, get the access token by calling the token service.

To get the access token we need the following input parameters.

  1. Client ID, Client Secret and redirect URL from the General tab in the OKTA dev console.
  2. Open Postman, select a POST request and start filling in the following information.
URL: https://<<orgname>>.oktapreview.com/oauth2/default/v1/token

Select Body and set the content type to “application/x-www-form-urlencoded”.

Enter the following key/value pairs:

grant_type: authorization_code

redirect_uri: http://localhost:8080/authorization-code/callback

code: << from above>> (e.g. MEIgEHtlPTzQNGLp5A)

So far we have the request body. To communicate with the OKTA token service we also need basic authorization. For that, select Authorization and choose “Basic Authorization”.

username: <<client id>>

password: <<client secret>>

That’s it. Click Send and you will see a response like the one below:

{
  "access_token": "eyJraWQiOiJlQkVCUm9VT2dJM2dCY1…",
  "token_type": "Bearer",
  "expires_in": 3600,
  "scope": "openid",
  "id_token": "eyJraWQiOiJlQkVCUm9VT2dJM2dCY1ljWVEz…"
}

HTTP 403 error: it took me a few hours on the office network to find out why I was getting a 403 error. It was all because Postman was not picking up the proxy settings. I had to use curl with the proxy setting to get a response like the one above.
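The authorize and token steps above can also be scripted. The following is an added example, not part of the original post: using only the Python standard library, it generates a fresh random state per login instead of a fixed string, checks that state on the callback, and builds the token request with Basic authorization. The org name and credentials are placeholder assumptions and the function names are hypothetical.

```python
import base64
import hmac
import secrets
import urllib.parse
import urllib.request

# Assumed placeholder values; replace with your own org and app settings.
ISSUER = "https://example-org.oktapreview.com/oauth2/default"
REDIRECT_URI = "http://localhost:8080/authorization-code/callback"


def build_authorize_url(client_id):
    """Return (url, state); state is a fresh random value to keep per session."""
    state = secrets.token_urlsafe(16)
    query = urllib.parse.urlencode({
        "client_id": client_id,
        "redirect_uri": REDIRECT_URI,
        "response_type": "code",
        "scope": "openid",
        "state": state,
    })
    return f"{ISSUER}/v1/authorize?{query}", state


def code_from_callback(callback_url, expected_state):
    """Extract the code, rejecting callbacks whose state does not match."""
    params = urllib.parse.parse_qs(urllib.parse.urlsplit(callback_url).query)
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this login")
    if "code" not in params:
        raise ValueError(params.get("error", ["no code in callback"])[0])
    return params["code"][0]


def build_token_request(code, client_id, client_secret):
    """Build (not send) the POST to /v1/token with HTTP Basic client auth."""
    body = urllib.parse.urlencode({
        "grant_type": "authorization_code",
        "redirect_uri": REDIRECT_URI,
        "code": code,
    }).encode()
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(f"{ISSUER}/v1/token", data=body, headers={
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    })
```

Passing the returned request to urllib.request.urlopen sends it; urllib reads proxy settings from the HTTPS_PROXY environment variable, which matters on a network like the one described above.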

The second part is complete. In the next part, let’s find out how to use the access_token to access microservice B.


Microservice B can be accessed only with a valid access token.

In the above code base, update the properties according to your OKTA application. Once the application is started, use Postman to test it.

Get the access token from the step above and use it as the bearer token in Postman’s authorization settings.

You should see the response:

“Hello user”

Happy coding.
