-
Notifications
You must be signed in to change notification settings - Fork 134
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
Resource Server won't compile without Client ID #127
Comments
Thanks for the report @joncatanio! This was fixed in 3c13bc7 |
@bdemers Hi Brian, I was able to bump my version and I see it working, however I have one more quick question for you. When I bumped the version I still received the "Client id must not be empty" error. I noticed that when I removed My question is, doesn't this make |
I'll write a test for this.
Do you have any other Spring OAuth2 properties set? Or is it basically just something like: okta:
oauth2:
scopes:
- foo
- bar Thanks for following up!!! |
The properties I have set are the exactly this (with a valid auth server uri, of course):
I only had For now I've just omitted the The app I had setup was literally just a quick initializr with the Okta starter and Webflux. Added the above and properties and a dummy controller (as followed by the README) and it failed to compile. |
Hello 馃憢 I'm currently working on a project with webflux and the okta-spring-boot-starter. I'm configuring a resource server that has a few endpoints and validates JWTs minted from my Okta auth server. Unfortunately I receive the following compilation error:
My application properties file looks something like this:
Notice I don't include
okta.oauth2.client-id
, this seems to cause the compilation error. However, if I set that property to any string, e.g.okta.oauth2.client-id: 123
, I no longer get compilation errors and I am able to hit my controller endpoints with Spring Security handling the JWT validation correctly and everything.So I have two questions, if I'm building a resource server, why do I need to specify a
client-id
when my API plans to receive JWTs minted at one auth server and requested from various clients? Second, why is it that when I add theclient-id
property it seems to be completely unchecked, only validating the signing key, audience, and scopes?I have used the Okta SDK where I explicitly built the
com.okta.jwt.JwtVerifier
and made explicit calls to.setIssuerUrl(...)
and.setAudience(...)
, and there I was not required to call.setClientId(...)
.Any help would be appreciated, thanks!
The text was updated successfully, but these errors were encountered: