com.okta.spring.boot.oauth

Class Okta

java.lang.Object

com.okta.spring.boot.oauth.Okta

public final class Okta
extends java.lang.Object

Okta + Spring Security utility methods.

Since:

1.2.0

Method Summary

Modifier and Type	Method and Description
static org.springframework.security.config.annotation.web.builders.HttpSecurity	configureOAuth2WithPkce(org.springframework.security.config.annotation.web.builders.HttpSecurity http, org.springframework.security.oauth2.client.registration.ClientRegistrationRepository clientRegistrationRepository) Configures the http with an OAuth2 Login, that supports PKCE.
static org.springframework.security.config.web.server.ServerHttpSecurity	configureOAuth2WithPkce(org.springframework.security.config.web.server.ServerHttpSecurity http, org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository clientRegistrationRepository) Configures the http with an OAuth2 Login, that supports PKCE.
static org.springframework.security.config.annotation.web.builders.HttpSecurity	configureResourceServer401ResponseBody(org.springframework.security.config.annotation.web.builders.HttpSecurity http) Configures the http to return a NON-EMPTY response body if the client supports the Media Type text/plain.
static org.springframework.security.config.web.server.ServerHttpSecurity	configureResourceServer401ResponseBody(org.springframework.security.config.web.server.ServerHttpSecurity http) Configures the http to return a NON-EMPTY response body if the client supports the Media Type text/plain.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

configureResourceServer401ResponseBody

public static org.springframework.security.config.web.server.ServerHttpSecurity configureResourceServer401ResponseBody(org.springframework.security.config.web.server.ServerHttpSecurity http)

Configures the http to return a NON-EMPTY response body if the client supports the Media Type text/plain. This is to work around an issue with Chrome, when a response body is empty, Chrome will show a `This site can’t be reached`, ERR_INVALID_RESPONSE error. The body content will contain the HTTP Status and simple message such as `401 Unauthorized`.

Parameters:

http - the ServerHttpSecurity to configure

Returns:

the http to allow method chaining

configureResourceServer401ResponseBody

public static org.springframework.security.config.annotation.web.builders.HttpSecurity configureResourceServer401ResponseBody(org.springframework.security.config.annotation.web.builders.HttpSecurity http)
                                                                                                                       throws java.lang.Exception

Configures the http to return a NON-EMPTY response body if the client supports the Media Type text/plain. This is to work around an issue with Chrome, when a response body is empty, Chrome will show a `This site can’t be reached`, ERR_INVALID_RESPONSE error. The body content will contain the HTTP Status and simple message such as `401 Unauthorized`.

Parameters:

http - the HttpSecurity to configure

Returns:

the http to allow method chaining

Throws:

java.lang.Exception

configureOAuth2WithPkce

public static org.springframework.security.config.web.server.ServerHttpSecurity configureOAuth2WithPkce(org.springframework.security.config.web.server.ServerHttpSecurity http,
                                                                                                        org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository clientRegistrationRepository)

Configures the http with an OAuth2 Login, that supports PKCE. The default Spring Security implementation only enables PKCE for public clients.

NOTE: Enabling PKCE will be required for all clients (public and confidential) in the future OAuth 2.1 spec.

Parameters:

http - the ServerHttpSecurity to configure

clientRegistrationRepository - the repository bean, this should be injected into the calling method.

Returns:

the http to allow method chaining

configureOAuth2WithPkce

public static org.springframework.security.config.annotation.web.builders.HttpSecurity configureOAuth2WithPkce(org.springframework.security.config.annotation.web.builders.HttpSecurity http,
                                                                                                               org.springframework.security.oauth2.client.registration.ClientRegistrationRepository clientRegistrationRepository)
                                                                                                        throws java.lang.Exception

Configures the http with an OAuth2 Login, that supports PKCE. The default Spring Security implementation only enables PKCE for public clients.

NOTE: Enabling PKCE will be required for all clients (public and confidential) in the future OAuth 2.1 spec.

Parameters:

http - the HttpSecurity to configure

clientRegistrationRepository - the repository bean, this should be injected into the calling method.

Returns:

the http to allow method chaining

Throws:

java.lang.Exception