Apache mod_auth_openidc integration

I have been asked to integrate Okta with an application that us running on apache and they would like to use the mod_auth_openidc .
I have created an OIDC Web application in Okta and also created an Authorization Server.
I provided the apache application owners all the information needed:

  • Cllient ID
  • Client Secret
  • Issuer
  • Metadara URI

They have configured on the mod_auth_openidc on their end but they continue to get a system internal error and they said on their logs it seems like they are not able to get the metadata.
I am posting here to check if anyone has ever done this integration using Apache mod_auth_openidc that could give some tips on what could be the issue? I believe it is the apache proxy config might need to have something done.
If anyone has implemented this and could give some tips , or is there anything missing on the okta end ?

thank you
Andrea

Is the Metadata URI in one of these formats?

  • https://${yourOktaDomain}/oauth2/${auth_server_id}/.well-known/openid-configuration
  • https://${yourOktaOrg}/.well-known/openid-configuration

https://developer.okta.com/docs/concepts/auth-servers/#org-authorization-server-discovery-endpoints
https://developer.okta.com/docs/concepts/auth-servers/#custom-authorization-server-discovery-endpoints

We figure it out. It was on the Apache configuration. They needed to setup something on the proxy settings.