- Front end and back-end deployed as docker containers behind NGINX API gateway with a public DNS provided by Amazon EC2
- On press of login button the browser sends a fetch to “/oauth2/authorization/” to the back end which responds back with a redirect pointing to this EC2’s DNS/URL, while the rest of params remain the same in URL.
- Above deployment of having NGINX API gw handle the first redirect to “oauth2/default/v1/authorize” is to avoid CORS issue. The subsequent requests to /introspect, /devicefingerprint etc are handled b/w the browser & OKTA server itself without intervention of NGINX.
- Noticed that some of the cookies sent in response to first redirect request “oauth2/default/v1/authorize” are not being sent in subsequent requests to OKTA as there is a change of domain from Amazon EC2 DNS to OKTA. For ex, the first direct request to OKTA domain is the “/introspect” which doesn’t carry any cookie from the response to “oauth2/default/v1/authorize”. How to address this?
- Also noticed that the request to /nonce is not being triggered at all.
Our setup details:
- grant type autorisation_code, redirect mode
- Front end react
- Back end spring boot
Kindly share your thoughts.