Fun with OIDC

by oktadeveloper


Okta OpenID Connect Fun!

This is a Spring Boot project that demonstrates various OIDC flows using configurable response types and scopes.

Go to the live example at

You can exchange an authorizaton code for tokens.

And, you can validate access and id tokens.

Want to run this app in your own Heroku instance? Click below:


You'll need to supply values for the following environment variables:

Environment Variable Description OKTA_ORG The okta organization - ex: OKTA_AUTHORIZATION_SERVER_ID The Okta authorization server id - ex: aus9vmork8ww5twZg0h7 OKTA_OIDC_CLIENT_ID The Okta OIDC application client id OKTA_OIDC_CLIENT_SECRET The Okta OIDC application client secret OKTA_SESSION_USERNAME The email address of the user that the app will establish a session as OKTA_SESSION_PASSWORD The password of the user that the app will establish a session as OKTA_ZORK_URL The base URL of where the Okta OAuth2 Zork game is hosted. Note: If this is left blank, it will be ignored.

The OKTA_SESSION_USERNAME and OKTA_SESSION_PASSWORD are used to establish a session on the backend so that the user does not have to login to exercise the OIDC app.

These environment variables are stored on the heroku instance and are not available to the end user.

Whatever name you give your Heroku app, you must add the following redirects to your Okta OIDC app:

https://<your heroku app name>
https://<your heroku app name>

For instance, these are the supported redirects for where this app is currently deployed:

Go to the live example at