Spring Security OIDC Demo

app.groovy

@Grab('spring-boot-starter-oauth2-client')

@RestController
class Application {

  @GetMapping('/')
  String home(java.security.Principal user) {
    'Hello ' + user.name
  }
}

HomeController.java

@RestController
class HomeController {

    @GetMapping("/")
    public String hello(@AuthenticationPrincipal OidcUser user) {
        return "Hello, " + user.getFullName();
    }
}

OIDC QuickStart with Spring Security

For app.groovy to work, you'll need to:

1. Register a Web app on Okta

2. Set the Login redirect URI to http://localhost:8080/login/oauth2/code/okta

3. Create an okta.env with the following settings.

    export SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_OKTA_ISSUER_URI=https://dev-133320.okta.com/oauth2/default
    export SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OKTA_CLIENT_ID=0oa2i1c3qxrCrIk3C357
    export SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OKTA_CLIENT_SECRET=AGtxec_kUbR4VGo9JdWaI1lUbnnKbivMC6tIaj4a
   

4. Run source okta.env, followed by spring run app.groovy. Navigate to http://localhost:8080 and you'll be prompted to log in. It will only show you the user's unique identifier.

Do More with Java

1. To get their full name, create a new Spring Boot app with HTTPie and expand the downloaded zip file.

    http https://start.spring.io/starter.zip dependencies==okta,web javaVersion==11 -d
    unzip -d java-boot demo.zip
   

2. Use the Okta Maven Plugin to create an Okta account and register a Spring Boot app.

    mvn com.okta:okta-maven-plugin:setup
   

3. Start your app with ./mvnw spring-boot:run and go to http://localhost:8080. After logging in, your full name will be displayed.