Okta Oauth 2.0 Provider

We have plenty of configuration examples that use light-oauth2 or kafka-oauth for security. One of our customers uses Okta cloud for hundreds of services, and we have learned many configuration variations across different light-4j products. This tutorial shows you how to use the Okta cloud OAuth 2.0 provider for security.

Single Okta JWK

This is the setup for a light-4j service or the http-sidecar to verify the incoming JWT token with the JWK downloaded from the same OAuth server instance in the cloud. I am assuming you are using a REST API with the light-rest-4j framework.

To use the JwtVerifyHandler, we need to register it in the handlers section in handler.yml and also put the alias into the default chain.

handler.yml

handlers:
  # ... other handlers ...
  - com.networknt.openapi.JwtVerifyHandler@security
  # ... other handlers ...

chains:
  default:
    - exception
    - metrics
    - traceability
    - correlation
    - specification
    - security
    # ... remaining handlers in the chain ...

In the openapi-security.yml section of values.yml, we need to enable JWT verification and scope verification, so that the scopes in the token are checked against the specification. To load the JWK during server startup, we must set bootstrapFromKeyService to true. We also need to change the keyResolver to JsonWebKeySet.

In the client.yml section, we need to define the tokenKeyServerUrl and tokenKeyUri so that the server knows where to load the JWK.

values.yml

# openapi-security.yml
openapi-security.enableVerifyJwt: true
security.enableVerifyScope: true
security.keyResolver: JsonWebKeySet
security.bootstrapFromKeyService: true

# client.yml
client.tokenKeyServerUrl: https://networknt.oktapreview.com
client.tokenKeyUri: /oauth2/aus133d83gC9EXGoS1d7/v1/keys

With the above configuration, you can get a JWT token from the Okta token endpoint https://networknt.oktapreview.com/oauth2/aus133d83gC9EXGoS1d7/v1/token and put it into the request Authorization header. The server verifies the request with the JWK downloaded from the same Okta instance.
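An added example, not part of the light-4j documentation: a Python preflight that decodes a token without verifying it and reports why the JWK set configured above could not match it (unknown kid, key algorithm mismatch, token issued by a different authorization server). It assumes the issuer is the key URL minus /v1/keys, as the page's key and token URLs suggest; the tokens, kid values and key material are constructed samples.

```python
import base64
import json

# From the page's values.yml (client.yml section)
TOKEN_KEY_SERVER_URL = "https://networknt.oktapreview.com"
TOKEN_KEY_URI = "/oauth2/aus133d83gC9EXGoS1d7/v1/keys"

def _decode(segment):
    """Decode one base64url JWT segment (header or payload) to a dict."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def _encode(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def make_token(header, claims):
    """Constructed sample token; the third part is a dummy, not a signature."""
    return f"{_encode(header)}.{_encode(claims)}.ZHVtbXk"

def preflight(token, jwks):
    """List reasons the configured JWK set cannot match this token.
    Diagnostic only: no signature check; JwtVerifyHandler still does that."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a compact JWT (expected three dot-separated parts)"]
    header, claims = _decode(parts[0]), _decode(parts[1])
    problems = []
    # A JWK-set verifier selects the key whose kid equals the header's kid.
    key = {k.get("kid"): k for k in jwks.get("keys", [])}.get(header.get("kid"))
    if key is None:
        problems.append(f"kid {header.get('kid')!r} is not in the JWK set")
    elif key.get("alg") not in (None, header.get("alg")):
        problems.append(f"header alg {header.get('alg')!r} != key alg {key['alg']!r}")
    # Assumption: issuer is the key URL without the trailing /v1/keys.
    expected_iss = (TOKEN_KEY_SERVER_URL + TOKEN_KEY_URI).rsplit("/v1/keys", 1)[0]
    if claims.get("iss") != expected_iss:
        problems.append(f"iss {claims.get('iss')!r} != {expected_iss!r}")
    return problems

# Constructed samples (kid values and key material are placeholders).
JWKS = {"keys": [{"kty": "RSA", "alg": "RS256", "kid": "sample-kid-1",
                  "use": "sig", "e": "AQAB", "n": "placeholder"}]}
GOOD = make_token({"alg": "RS256", "kid": "sample-kid-1"},
                  {"iss": "https://networknt.oktapreview.com/oauth2/aus133d83gC9EXGoS1d7"})
OTHER_SERVER = make_token({"alg": "RS256", "kid": "sample-kid-2"},
                          {"iss": "https://networknt.oktapreview.com"})

if __name__ == "__main__":
    for name, tok in (("GOOD", GOOD), ("OTHER_SERVER", OTHER_SERVER)):
        print(name, preflight(tok, JWKS) or "ok")
```

An empty list means the token's kid and issuer line up with the configured key endpoint; the signature, expiry and scope checks are still performed by the server.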

Automatically Retrieve JWT Token

This is normally used in the http-sidecar or light-proxy-client to retrieve a JWT token and inject it into the outgoing request.

Multiple OAuth Providers

This is used in a light-gateway instance to verify JWT tokens from multiple JWK instances and retrieve JWT from multiple JWT token servers.

“Okta Oauth 2.0 Provider” was last updated: January 19, 2023: fixes #357 add a tutorial for Okta integration for security (3ce167a)