"authorization-code/callback" redirect is going in a loop

In a springboot application which uses okta-spring-starter library,
Application server is behind a reverse proxy. I can see the “/authorization-code/callback” coming to app server. But seems like it is kicked out as if it needs to be authorized. So browser gets /auth redirect - so in a loop.
I expect this path would be picked up by the filter even before the “security filter chain” get to it.
Do I need to add this path to “permitAll()” ?
Any help would be appreciated?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.