I have set up okta as an identity provider for my app running on localhost:8080. I have been able to successfully.
My okta app is setup like this:
After login, I wish to see the access token and refresh token - which is where the problem is. I'm able to see the access token but refresh token is always null. See below where I've printed out the values using system out println. System out from printing access token and refresh token
This is how I am attempting to access these variables:
package com.okta.spring.example;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.OAuth2RefreshToken;
import org.springframework.security.oauth2.core.
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.servlet.ModelAndView;
import java.util.Collections;
@SpringBootApplication
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class CodeFlowExampleApplication {
public static void main(String[] args) {
SpringApplication.run(CodeFlowExampleApplication.class, args);
}
/**
* The default Spring logout behavior redirects a user back to {code}/login?logout{code}, so you will likely want
* to change that. The easiest way to do this is by extending from {@link WebSecurityConfigurerAdapter}.
*/
@Configuration
static class WebConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
// allow antonymous access to the root page
.antMatchers("/").permitAll()
// all other requests
.anyRequest().authenticated()
// set logout URL
.and().logout().logoutSuccessUrl("/")
// enable OAuth2/OIDC
.and().oauth2Client()
.and().oauth2Login();
}
}
/**
* This example controller has endpoints for displaying the user profile info on {code}/{code} and "you have been
* logged out page" on {code}/post-logout{code}.
*/
@Controller
public class ExampleController {
@GetMapping("/")
public String home() {
return "home";
}
@GetMapping("/profile")
@PreAuthorize("hasAuthority('SCOPE_profile')")
public ModelAndView userDetails(OAuth2AuthenticationToken authentication,
@RegisteredOAuth2AuthorizedClient OAuth2AuthorizedClient authorizedClient) {
final OAuth2AccessToken accessToken = authorizedClient.getAccessToken();
System.out.println("AccessToken: {}" + accessToken.getTokenValue());
final OAuth2RefreshToken refreshToken = authorizedClient.getRefreshToken();
System.out.println("RefreshToken: {}" + refreshToken);
System.out.println(authentication.getCredentials());
return new ModelAndView("userProfile" , Collections.singletonMap("details", authentication.getPrincipal().getAttributes()));
}
}
}
This is how I'm redirecting to okta for sign in:
<form method="get" th:action="@{/oauth2/authorization/okta}" th:unless="${#authorization.expression('isAuthenticated()')}">
<button id="login-button" class="btn btn-primary" type="submit">Login</button>
</form>
Am I missing something? Can someone help with this? Thanks!
