No description, website, or topics provided.
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.
mvnw.cmd Initial Commit Jun 25, 2017
pom.xml Updated to latest version of Spring Boot. Refactored Autowiring. Oct 18, 2017

Okta OpenID Connect Fun!

This is a Spring Boot project that demonstrates various OIDC flows using configurable response types and scopes.

Go to the live example at

You can exchange an authorizaton code for tokens.

And, you can validate access and id tokens.

Want to run this app in your own Heroku instance? Click below:


You'll need to supply values for the following environment variables:

Environment Variable Description
OKTA_ORG The okta organization - ex:
OKTA_AUTHORIZATION_SERVER_ID The Okta authorization server id - ex: aus9vmork8ww5twZg0h7
OKTA_OIDC_CLIENT_ID The Okta OIDC application client id
OKTA_OIDC_CLIENT_SECRET The Okta OIDC application client secret
OKTA_SESSION_USERNAME The email address of the user that the app will establish a session as
OKTA_SESSION_PASSWORD The password of the user that the app will establish a session as
OKTA_ZORK_URL The base URL of where the Okta OAuth2 Zork game is hosted. Note: If this is left blank, it will be ignored.

The OKTA_SESSION_USERNAME and OKTA_SESSION_PASSWORD are used to establish a session on the backend so that the user does not have to login to exercise the OIDC app.

These environment variables are stored on the heroku instance and are not available to the end user.

Whatever name you give your Heroku app, you must add the following redirects to your Okta OIDC app:

https://<your heroku app name>
https://<your heroku app name>

For instance, these are the supported redirects for where this app is currently deployed:

Go to the live example at