Okta Spring Security Resource Server Example

This sample application authenticates requests against your Spring application, using access tokens.

The access tokens are obtained via the Implicit Flow. As such, you will need to use one of our front-end samples with this project. It is the responsibility of the front-end to authenticate the user, then use the obtained access tokens to make requests to this resource server.

Prerequisites

Before running this sample, you will need the following:

A typical resource server setup consists of a front-end and a back-end application, so you will need to start each process separately:

Running This Example

back-end:

cd resource-server
mvn -Dokta.oauth2.issuer=https://{yourOktaDomain}/oauth2/default

NOTE: The above command starts the resource server on port 8000. You can browse to http://localhost:8000 to ensure it has started. If you get the message "Full authentication is required to access this resource", it indicates that the resource server is up. You will need to pass an access token to access the resource, which will be done by the front-end below.
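The token checks the resource server performs are not shown in this repo's README, so here is an added example (not the sample's own code, which is configured through the okta.oauth2.issuer property shown above) of the same checks written in plain Spring Security 5: the signature is verified against the issuer's published keys, the iss and exp claims are checked, and the cid claim is compared with the SPA client ID so that tokens minted for a different client are rejected. The class name and the okta.oauth2.clientId property name are assumptions.

```java
import java.util.Objects;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.core.*;
import org.springframework.security.oauth2.jwt.*;

@Configuration
public class ResourceServerConfig extends WebSecurityConfigurerAdapter {

    // Same value passed on the mvn command line, e.g. https://{yourOktaDomain}/oauth2/default
    @Value("${okta.oauth2.issuer}")
    private String issuer;

    // Client ID of the SPA application; the property name is an assumption for this example
    @Value("${okta.oauth2.clientId}")
    private String clientId;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Every request needs a valid bearer token: no anonymous access, no form login.
        http.authorizeRequests().anyRequest().authenticated()
            .and().oauth2ResourceServer().jwt().decoder(jwtDecoder());
    }

    @Bean
    JwtDecoder jwtDecoder() {
        // Reads the issuer's discovery document and verifies signatures against its JWKS.
        NimbusJwtDecoder decoder = (NimbusJwtDecoder) JwtDecoders.fromIssuerLocation(issuer);
        // Default checks: "iss" must equal the configured issuer, "exp"/"nbf" must be in range.
        OAuth2TokenValidator<Jwt> defaults = JwtValidators.createDefaultWithIssuer(issuer);
        // Extra check: "cid" (the client the token was minted for) must be this app's SPA client ID.
        OAuth2TokenValidator<Jwt> clientIdCheck = jwt ->
            Objects.equals(clientId, jwt.getClaimAsString("cid"))
                ? OAuth2TokenValidatorResult.success()
                : OAuth2TokenValidatorResult.failure(new OAuth2Error(
                    "invalid_token", "token was not minted for this client", null));
        decoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(defaults, clientIdCheck));
        return decoder;
    }
}
```

A request without a token, or with a token that fails any of these checks, gets the 401 response quoted above rather than the protected resource.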

front-end:

Instead of using one of our front-end sample applications listed above, you can also use the front-end within this repo to quickly test the resource server. To start the front-end, you need to gather the following information from the Okta Developer Console:

  • Client Id - The client ID of the SPA application that you created earlier. This can be found on the "General" tab of an application, or the list of applications. The resource server will validate that tokens have been minted for this application.
  • Base URL - This is the URL of the developer org that you created. For example, https://dev-1234.oktapreview.com.

Update the configuration file config.js with the client id and base url that you obtained in the previous step.

// okta widget configuration
window.oktaSignIn = new OktaSignIn({
  baseUrl: 'https://{yourOktaDomain}',    // Base URL of your developer org
  clientId: '{yourClientId}',             // Client ID of the SPA application
  redirectUri: window.location.href,      // must match a redirect URI registered on the SPA application
  authParams: {
    issuer: 'default',                    // the org's "default" authorization server
    responseType: ['id_token', 'token'],  // Implicit Flow: request an ID token and an access token
    scopes: ['openid', 'profile', 'email']
  }
});

Now start the front-end.

cd front-end
mvn

Browse to http://localhost:8080/ to log in.

NOTE: If you want to use one of our front-end samples, open a new terminal window and run the front-end sample project of your choice. Once the front-end sample is running, you can navigate to http://localhost:8080 in your browser and log in to the front-end application. Once logged in, you can navigate to the "Messages" page to see the interaction with the resource server.