Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Suppor for client build with "client-secret"
See original GitHub issueAfter reading your document, I can’t understand how to build a client with oauth2, It confuses me that “pathToYourPrivateKeyPemFile”, becaust in my YMAL, I use like this
okta:
oauth2:
issuer: https://dev-524104.okta.com/oauth2/default
client-id: xxxxxxxxxxxxx
client-secret: xxxxxxxxxxxxxxxxxxxx
redirect-uri: /authorization-code/callback
Why not client build with client-secret but a PemFile? And you don’t tell my how to get and set the PemFile
Your Document:
Client client = Clients.builder()
.setOrgUrl("{yourOktaDomain}")
.setAuthorizationMode(AuthorizationMode.PRIVATE_KEY)
.setClientId("{clientId}")
.setScopes(new HashSet<>(Arrays.asList("okta.users.read", "okta.apps.read")))
.setPrivateKey("{pathToYourPrivateKeyPemFile}")
.build();
Issue Analytics
- State:
- Created 3 years ago
- Comments:6 (4 by maintainers)
Top Results From Across the Web
The Client ID and Secret - OAuth 2.0 Simplified
Client Secret. The client_secret is a secret known only to the application and the authorization server. It is essential the application's own ...
Read more >Client Secret Authentication Methods - Cloudentity
A client secret is a secret known only to the OAuth application and the authorization server (in this case, Cloudentity). It is generated...
Read more >How to Use Client Credentials Flow with Spring Security
Learn how to use OAuth 2.0's client credentials grant to communicate between apps secured by Spring Security.
Read more >Call Your API Using the Client Credentials Flow - Auth0
This tutorial will help you call your API from a machine-to-machine (M2M) application using the Client Credentials Flow. To learn how the flow...
Read more >How to get Google Client ID and Client Secret? - Balbooa
1. Go to the Google Developers Console. · 2. Click Select a project ➝ New Project ➝ the Create button. · 3. Enter...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Hi @napayaofenkai! Thanks for reaching out!
It looks like you are also using our Spring Boot integration? If that is the case reusing the user’s existing token might be your best bet: #339 and my comment in: https://github.com/okta/okta-sdk-java/pull/339#issuecomment-654277671
This depends on the type of client you are building and if the requests made to Okta are on-behalf-of a user (for example you need to get the list of applications that the current user has access to). Otherwise, if you don’t need to scope the request to the current user, then the SDK might have a different client-id and secret from your Spring Boot application.
TL;DR - We would love to hear more about your use-case, please add a comment to this thread!
Closing this due to inactivity, feel free to reopen if needed.