403 error returned on hitting /login/token/redirect

Dear experts,

  • Front end and back end deployed as Docker containers behind an NGINX API gateway, with a public DNS name provided by Amazon EC2.
  • On pressing the login button, the browser sends a fetch to “/oauth2/authorization/” to the back end, which responds with a redirect pointing to this EC2 instance’s DNS name/URL, while the rest of the parameters in the URL remain the same.
  • The deployment above, where the NGINX API gateway handles the first redirect to “oauth2/default/v1/authorize”, is to avoid CORS issues. The subsequent requests to /introspect, /devicefingerprint etc. are handled between the browser and the OKTA server itself without NGINX intervening.
  • Noticed that some of the cookies sent in the response to the first redirect request to “oauth2/default/v1/authorize” are not being sent in subsequent requests to OKTA, as there is a change of domain from the Amazon EC2 DNS name to OKTA. For example, the first direct request to the OKTA domain is “/introspect”, which doesn’t carry any cookie from the response to “oauth2/default/v1/authorize”. How to address this?
  • Also noticed that the request to /nonce is not being triggered at all.

Our setup details:

  • Grant type authorization_code, redirect mode
  • This redirect request has to be issued by JavaScript and not by the user-agent/browser, according to our requirements.
  • Front end: React
  • Back end: Spring Boot

Kindly share your thoughts.
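The cookie behaviour described in the fourth bullet follows from how browsers scope cookies to the host that set them. The following added example (not the poster's code, and not Okta's) simulates that rule with Python's standard `http.cookiejar`, which implements the RFC 6265 domain-matching checks a browser applies. The host names `gateway.example.com` (the EC2/NGINX front) and `idp.example.net` (the authorization server) are constructed placeholders. It shows three things: a cookie set by a proxied `/authorize` response is bound to the gateway host and is never sent to the IdP; rewriting the `Domain` attribute at the proxy does not help, because a browser rejects a cookie whose `Domain` does not cover the responding host; and when the browser reaches the IdP's `/authorize` endpoint directly, the cookie is sent on the later `/introspect` request.

```python
"""Simulate browser cookie scoping when /authorize is proxied through a gateway.

Added example, not the poster's or Okta's code. Host names are constructed
placeholders; no network access is performed.
"""
from email.message import Message
from http.cookiejar import CookieJar
from urllib.request import Request

GATEWAY = "https://gateway.example.com"  # constructed: EC2 host fronted by NGINX
IDP = "https://idp.example.net"          # constructed: the authorization server


class _Response:
    """Minimal stand-in for an HTTP response, enough for CookieJar.extract_cookies()."""

    def __init__(self, set_cookie_headers):
        self._headers = Message()
        for value in set_cookie_headers:
            self._headers["Set-Cookie"] = value  # Message appends repeated headers

    def info(self):
        return self._headers


def receive(jar, url, set_cookie_headers):
    """Feed a response from `url` into the jar; return how many cookies the jar accepted."""
    before = len(jar)
    jar.extract_cookies(_Response(set_cookie_headers), Request(url))
    return len(jar) - before


def cookie_header_for(jar, url):
    """Return the Cookie header the 'browser' would attach to a request for `url`, or None."""
    req = Request(url)
    jar.add_cookie_header(req)
    return req.get_header("Cookie")


def simulate_proxied_authorize():
    """The /authorize response arrives from the gateway host, so its host-only cookie
    is bound to the gateway and is not sent on direct requests to the IdP."""
    jar = CookieJar()
    accepted = receive(jar, GATEWAY + "/oauth2/default/v1/authorize",
                       ["sid=abc123; Path=/; Secure; HttpOnly"])
    return {
        "accepted_from_gateway": accepted,
        "sent_to_gateway": cookie_header_for(jar, GATEWAY + "/api/me"),
        "sent_to_idp": cookie_header_for(jar, IDP + "/introspect"),
    }


def simulate_domain_rewrite():
    """Rewriting the Domain attribute at the proxy cannot fix it: the jar (like a
    browser) rejects a cookie whose Domain does not cover the responding host."""
    jar = CookieJar()
    accepted = receive(jar, GATEWAY + "/oauth2/default/v1/authorize",
                       ["sid=abc123; Domain=idp.example.net; Path=/; Secure"])
    return {
        "accepted": accepted,
        "sent_to_idp": cookie_header_for(jar, IDP + "/introspect"),
    }


def simulate_direct_authorize():
    """When the browser itself navigates to the IdP's /authorize endpoint, the
    cookie is bound to the IdP and rides along on the later /introspect call."""
    jar = CookieJar()
    receive(jar, IDP + "/oauth2/default/v1/authorize",
            ["sid=abc123; Path=/; Secure; HttpOnly"])
    return cookie_header_for(jar, IDP + "/introspect")


if __name__ == "__main__":
    print("proxied /authorize :", simulate_proxied_authorize())
    print("domain rewrite     :", simulate_domain_rewrite())
    print("direct /authorize  :", simulate_direct_authorize())
```

The practical reading is that anything set by the IdP's `/authorize` response is only useful if the browser received that response from the IdP's own origin; a gateway that terminates that hop on another host cannot hand those cookies across the domain boundary.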