I’m following the guide for Adding an External Identity Provider and building a React app that closely resembles the example in okta-hosted-login. My goal is to use Google as an identity provider to have the user sign in with Google and then retrieve basic profile information (e.g., name, email) Specifically I have:
- Created an OIDC
- Set client ID and issuer environment variables
- Created a Google App API app
- Added Google as identity provider and copied in IdP’s client ID and client secret
When I get to the step titled “Create the Authorization URL” I’m told to create a URL using the template from the Okta Identity provider I created in step 2. Unfortunately every time I try to hit this URL I receive the message pkce code challenge is required when the token endpoint authentication method is 'none'
.
Some of the relevant bits of code:
const config = {
oidc: {
clientId: CLIENT_ID,
issuer: ISSUER,
redirectUri: "http://localhost:3000/implicit/callback",
scopes: ["openid", "profile", "email"],
pkce: true,
disableHttpsCheck: OKTA_TESTING_DISABLEHTTPSCHECK,
},
};
const App = () => {
return (
<Router>
<Security {...config.oidc}>
<div className="App">
<Header />
<Switch>
<Route path="/" component={Home} exact />
<Route path="/about" component={About} />
<Route path="/signup" component={SignupForm} />
<Route path="/implicit/callback" component={LoginCallback} />
</Switch>
</div>
</Security>
</Router>
);
};
const url = `${
process.env.ISSUER
}/oauth2/v1/authorize?idp=0oa519z9bddSRUX7b4x6&client_id=${
process.env.CLIENT_ID
}&response_type=code&response_mode=fragment&scope=openid profile email&redirect_uri=https://dev-744996.okta.com/oauth2/v1/authorize/callback&state=${Math.ceil(
Math.random() * 100
)}&nonce=${Math.ceil(Math.random() * 100)}`;
Everything I have written thus far, aside from interpolating the variables into the url
, is taken from Okta guides. It’s true that my authorization URL does not have the code_challenge_method
and code_challenge
parameters, however the External IdP guide also does not include them. All that said I can’t seem to understand how to take the code from the guides and get them to support an external identity provider like Google.
What am I missing that will allow me to complete this flow using an external identity provider?