https://github.com/oktadev/okta-play-oidc-example
Example of doing OIDC Authentication with Play, Pac4j, and Okta
- Host: GitHub
- URL: https://github.com/oktadev/okta-play-oidc-example
- Owner: oktadev
- License: apache-2.0
- Created: 2017-10-23T17:05:19.000Z (almost 8 years ago)
- Default Branch: master
- Last Pushed: 2020-04-02T17:14:30.000Z (over 5 years ago)
- Last Synced: 2025-04-11T15:14:46.641Z (6 months ago)
- Topics: java, oidc, okta, pac4j, playframework
- Language: Java
- Homepage: https://developer.okta.com/blog/2017/10/31/add-authentication-to-play-framework-with-oidc
- Size: 52.7 KB
- Stars: 7
- Watchers: 4
- Forks: 8
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
# OIDC Authentication with Play, Pac4j, and Okta
This `okta-play-oidc-example` project is a Java Play Framework app that shows how to use the [play-pac4j-java](https://github.com/pac4j/play-pac4j) security library with OpenID Connect (OIDC) and Okta.
**Prerequisites**:
* Install [Java 8](https://adoptopenjdk.net/)
* Install [sbt](https://www.scala-sbt.org/1.x/docs/Setup.html)

## Create an OIDC App in Okta
Create an OIDC App in Okta to get a `{clientId}` and `{clientSecret}`. To do this, log in to your [Okta Developer](https://developer.okta.com/) account and navigate to **Applications** > **Add Application**. Click **Web** and click the **Next** button. Give the app a name you’ll remember, specify `http://localhost:9000` as a Base URI, as well as the following values:
* Login redirect URIs: `http://localhost:9000/callback?client_name=OidcClient`
* Logout redirect URIs: `http://localhost:9000/?forcepostlogouturlafteridp`

Click **Done** and copy the client ID and secret into your `conf/application.conf` file. While you're in there, modify the `oidc.discoveryUri` to match your Okta domain. For example:
```
oidc.discoveryUri = "https://{yourOktaDomain}.com/oauth2/default/.well-known/openid-configuration"
```

You can also create groups and include them as claims. For example, create `ROLE_ADMIN` and `ROLE_USER` groups and add users into them.
Navigate to **API** > **Authorization Servers**, click the **Authorization Servers** tab and edit the `default` one. Click the **Claims** tab and **Add Claim**. Name it "groups" or "roles", and include it in the ID Token. Set the value type to "Groups" and set the filter to be a Regex of `.*`.
After making these changes, you should be good to go!
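
As an added example (not code from this project), here is one way an app could consume the group claim configured above: because a `.*` filter matches every group name, only an allow-list of names is mapped onto roles. The class and method names are hypothetical, the claims map is constructed sample data, and the ID token is assumed to have been validated by the OIDC library already.

```java
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;

public class GroupClaimRoles {
    // Roles this app understands; the names are the README's example groups.
    private static final Set<String> ALLOWED =
            new HashSet<>(Arrays.asList("ROLE_ADMIN", "ROLE_USER"));

    /**
     * Returns the allow-listed roles found in the named claim of an
     * already-validated ID token. A `.*` claim filter matches every group
     * name, so anything outside ALLOWED is dropped rather than trusted.
     */
    static Set<String> rolesFrom(Map<String, Object> claims, String claimName) {
        Object raw = claims.get(claimName);
        Collection<?> values;
        if (raw instanceof Collection) {
            values = (Collection<?>) raw;             // usual case: JSON array
        } else if (raw instanceof String) {
            values = Collections.singletonList(raw);  // tolerate a single string
        } else {
            return Collections.emptySet();            // claim missing or wrong type
        }
        Set<String> roles = new TreeSet<>();
        for (Object v : values) {
            if (v instanceof String && ALLOWED.contains(v)) {
                roles.add((String) v);
            }
        }
        return roles;
    }

    public static void main(String[] args) {
        // Constructed sample claims, as if parsed from a verified ID token.
        Map<String, Object> claims = new HashMap<>();
        claims.put("sub", "00u-constructed-sample");
        claims.put("groups", Arrays.asList("Everyone", "ROLE_USER", "Finance"));
        System.out.println(rolesFrom(claims, "groups")); // only ROLE_USER survives
        System.out.println(rolesFrom(claims, "roles"));  // claim absent: no roles
    }
}
```

Pass whichever claim name you chose in the Claims tab ("groups" or "roles") as `claimName`.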
## Build and Run
Build the project and launch the Play app on [http://localhost:9000](http://localhost:9000):

```bash
sbt run
```

If you have any issues, please create an issue in this project and I'll do my best to help.