On This Page

Okta Java/Spring Quickstart

Now that your users can sign in, let's add authentication to your server. We'll show you how to add the Okta Spring Boot library to your Spring app.

If you would prefer to download a complete sample application instead, please visit Spring Sample Applications for Okta and follow those instructions.

Include the dependency

For Apache Maven:


For Gradle:

compile 'com.okta.spring:okta-spring-boot-starter:1.3.0'

Configure your properties

You can configure your applications properties with environment variables, system properties, or configuration files. Take a look at the Spring Boot documentation for more details.

Property Default Details
okta.oauth2.issuer N/A Authorization Server issuer URL, i.e.: https://${yourOktaDomain}/oauth2/default. Note that your Okta domain does not include -admin.
okta.oauth2.clientId N/A The Client Id of your Okta OIDC application
okta.oauth2.audience api://default The audience of your Authorization Server
okta.oauth2.groups-claim groups The claim key in the Access Token's JWT that corresponds to an array of the users groups.

Create a Controller

The above client makes a request to /api/messages, we simply need to create a Controller to handle the response:

class MessagesRestController {

    public List<String> getMessages(Principal principal) {
        // handle request

Customize the configuration (optional)

The OAuth 2.0 behavior can be customized the same way as using Spring Security directly:

public class OktaOAuth2WebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
    protected void configure(HttpSecurity http) throws Exception {

That's it!

Okta's Spring Security integration will parse the JWT access token from the HTTP request's Authorization: Bearer header value.

Check out a Spring Boot example or this blog post.