<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D51Y00008JOqYvSALOkta Classic EngineSingle Sign-OnAnswered2023-08-24T19:43:00.000Z2020-04-20T02:18:10.000Z2020-04-24T01:03:36.000Z

GregH.10697 (Customer) asked a question.

April 20, 2020 at 2:18 AM
Please update tutorial https://developer.okta.com/blog/2018/07/19/simple-crud-react-and-spring-boot

I've been successfully executing tutorial until I got to "Create an OIDC App in Okta" section. Okta must have changed its process since this was written because now the words don't match the experience. Specifically, he says to put in the clientSecret in application.yml. There is no client secret. Now there's something called PKCE. I don't have time or patience to figure out documentation. That's why I use tutorials. Could someone please update this one or point me to a new one?

  • 6 answers
  • 613 views

  • User15857131905347322946 (Customer)

    Hi,

     

    I've been working with the same tutorial, but it's been working for me. Here are the properties - note that I changed from the yml to applications.properties:

     

    spring.profiles.active=@spring.profiles.active@

    spring.security.oauth2.client.registration.okta.client-id=xxxxxxxx

    spring.security.oauth2.client.registration.okta.client-secret=xxxxxx

    spring.security.oauth2.client.registration.okta.scope=openid, email, profile

    spring.security.oauth2.client.provider.okta.issuer-uri=https://dev-xxxxx.okta.com/oauth2/default

     

    Expand Post

  • GregH.10697 (Customer)

    Thanks Mark. Where do I find the "client-secret"? I'm logged into the Okta dashboard and can't find it anywhere.

  • User15857131905347322946 (Customer)

    Hi Greg,

     

    If you haven't found yet, it's under the application tab. Click on the link with the name of your app (not the gear). Then click on the "general" tab (it defaults to "Assignments" for some reason. Scroll to the bottom of the General page, and you'll see them.

  • GregH.10697 (Customer)

    Hi Mark,

    Unfortunately, the Client Secret does not exist there for me. Instead I see a "Client authenication" field. The value for that field is a greyed out (unselectable) radio button entitled "Use PKCE (for public clients). The text underneath it states "Uses Proof Key for Code Exchange (PKCE) instead of a client secret. A one-time key is generated by the client and sent with each request. Instead of proving the identity of a client, this ensures that only the client which requested the token can redeem it."

    Expand Post

  • CristinaN.60224 (Customer)

    I'm having the same issue here as well where client secret does not exist for me because I am using Authorization Code Flow w/ PKCE for an SPA

    • CristinaN.60224 (Customer)

      I ended up getting the application to work by excluding the client-secret in the applicaton.properties/yml file entirely.

This question is closed.
Loading
Please update tutorial https://developer.okta.com/blog/2018/07/19/simple-crud-react-and-spring-boot