Open Closed

Validating access_token failed - Okta integration #5598


User avatar
0
Mohammed.sheik created
  • ABP Framework version: v5.2.2
  • UI Type: Angular
  • Database System: EF Core
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes

Hi There,

I hope you are well.

We are integrating Okta as an external login provider for our application. We have added the following configuration to the ConfigureExternalProviders function in the AuthServerModule:

.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, "Okta",
            options =>
            {
                options.Authority = "https://xxxxxx.okta.com/oauth2/default";

                options.ClientId = "my client Id";
                options.ClientSecret = "my client secret";

                options.ResponseType = OpenIdConnectResponseType.Code;

                options.Scope.Clear();
                options.Scope.Add("offline_access");
                options.Scope.Add("openid");
                options.Scope.Add("profile");
                options.Scope.Add("email");

                options.SaveTokens = true;
                options.ResponseMode = OpenIdConnectResponseMode.Query;

                options.Events = new OpenIdConnectEvents
                {
                    OnRedirectToIdentityProvider = context =>
                    {
                        // Perform any custom logic before redirecting to Okta
                        context.ProtocolMessage.RedirectUri = "http://localhost:4200";
                        return Task.CompletedTask;
                    },
                };

            });
           
   

My login page now has the option to login with Okta:

This is the settings that I have in my Okta Application settings:

As you can see I have configured the redirect URL on both sides to be http:localhost:4200 which is my Angular frontend. When I login to my application using the Okta option, I see the authentication happening correctly on the Okta side and after the authentication I am redirected to http:localhost:4200. The problem is that I don't get logged into my application because I get the error 'Validating access_token failed'. I do notice that the nounce, access_token, refresh_token etc are missing from the local storage for http://localhost:4200

Please advice on what I am missing and how I can resolve this issue. Your assistance is greatly appreciated.


10 Answer(s)
Made with ❤️ on ABP v9.1.0-preview. Updated on December 12, 2024, 07:15