This implementation uses the okta-spring-boot-starter (https://github.com/okta/okta-spring-boot) dependency.
See other branches for different implementations.
- Set the okta.oauth2 issuer, client-id, client-secret properties in the application.yml file (see Okta Application Setup)
- Run the Gradle task "bootRun":
  gradlew bootRun
- Navigate to:
  - http://localhost:8080/ for public access
  - http://localhost:8080/user for "OIDC Sample App User" group member access
  - http://localhost:8080/admin for "OIDC Sample App Admin" group member access
Create the role groups
- Navigate to "Users" > "Groups"
- Click "Add Group"
- Create a group named "OIDC Sample App Admin"
- Click on the newly created group "OIDC Sample App Admin"
- Click "Add Members"
- Search for and add the desired users to the group
- Create another group named "OIDC Sample App User" and assign members
Add groups claim to the id token of the authorization server
- Navigate to "API" > "Authorization Servers"
- On the "Authorization Servers" tab edit the default entry
- Select the "Claims" tab and click "Add Claim"
- Create the new claim with the following properties:
  - Name: "groups"
  - Include in Token Type: "ID Token" and "Always"
  - Value type: "Groups"
  - Filter: "Matches regex" and the value ".*"
  - Disable claim: not checked
  - Include in: "Any scope"
Create the OIDC App
- Navigate to "Applications"
- Click "Add Application"
- Choose "Web" and click "NEXT"
- Create the new application with the following properties:
  - Name: something meaningful to you
  - Base URIs: none
  - Login redirect URIs: "http://localhost:8080/login/oauth2/code/okta"
  - Group assignments: "OIDC Sample App Admin" and "OIDC Sample App User"
  - Grant type allowed: "Authorization Code"
- Note "Client ID" and "Client secret" for application.yml
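As an added example (not the sample project's own code), this Spring Security configuration enforces the group-based access described above. It assumes Spring Security 6 and the okta-spring-boot-starter's default behaviour of turning each value of the ID token's groups claim into a GrantedAuthority of the same name; the class and bean names are arbitrary.

```java
import static org.springframework.security.config.Customizer.withDefaults;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class GroupAccessSecurityConfig {

    // Group names must match the Okta group names exactly: the groups claim
    // carries the group name, and the starter exposes it as an authority.
    static final String USER_GROUP = "OIDC Sample App User";
    static final String ADMIN_GROUP = "OIDC Sample App Admin";

    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                // Public landing page, no login required
                .requestMatchers("/").permitAll()
                // Members of the User group only (assumption: Admins are not
                // implicitly Users; add ADMIN_GROUP here if they should be)
                .requestMatchers("/user").hasAuthority(USER_GROUP)
                // Members of the Admin group only
                .requestMatchers("/admin").hasAuthority(ADMIN_GROUP)
                // Deny-by-default for any path not listed above: an unlisted
                // endpoint still requires an authenticated session
                .anyRequest().authenticated())
            // Authorization Code login driven by the okta.oauth2.* properties;
            // the callback is /login/oauth2/code/okta, as registered above
            .oauth2Login(withDefaults());
        return http.build();
    }
}
```

If a logged-in member of a group still receives 403 on /user or /admin, check the claim setup first: the claim must be named "groups", included in the ID token with "Always", and its regex filter must match the group name, otherwise no authority is present for the rule to match.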