Details of the callback implementation on the localhost

adriatic · September 2, 2020, 3:53pm

Here is the context of my question, taken from the @mraible’s recent tutorial. The question is this

How does the authentication server respond asynchronously to my authentication request, when the client is the browser?

The (always incomplete) answer is that the user (me human, not the client, being the browser) need to provide the “callback” via the Okta application panel shown below:

Does the path http://localhost:3000/users/callback have to exist - or is the “substring” http://localhost:3000 the only information used by Okta SDK?

In other words, is the behavior described as “the auth server provides the requested data to localhost at port 3000” and it is the SDK responsible to install a listener at port 3000, which (listener) delivers the data to my app?

mraible · September 2, 2020, 5:45pm

The /users/callback route has to exist. With most of our SDKs, we provide a handler that you can map to that route.

adriatic · September 2, 2020, 6:48pm

The /users/callback route has to exist

This simple explanation is missing at all “auth as PaaS” vendors. When discussing this, let me add that the SDK code could be a bit more user-friendly and create that path if someone like me is not aware of that requirement

Allow me to expand a tad bit more, in this special case of running the authentication on my own workstation, when declaring the callback in the form //localhost:3000/users/callback and the client is my browser. Well, the browser is not the webserver (there is no listener at //localhost:3000/users/callback), so it ought to be Okta SDK that handles the data authentication server returns to the “callback”.

Note that this is just a documentation issue that inquisitive folks might care about.

adriatic · September 3, 2020, 9:51pm

@mraible I forgot to ask the most important question in this context:

What means The /users/callback route has to exist?

Did you mean that the route has to exist as an Express route:

router.get('/',function(req,res){
  res.json({'message' : 'Ping Successfull'});
});

I do not recall seeing such a route definition in any of the samples. Can you explain this, please?

adriatic · September 3, 2020, 10:19pm

When in doubt, - RTFM. In my case: https://developer.okta.com/docs/guides/sign-into-spa/react/define-callback/

I will now check all tutorials I mentioned as “to be updated” and verify that the proper warning about the need to implement the routes like

const CALLBACK_PATH = '/implicit/callback';

const App = () => { 
  return (
    <Router>
      <Route path={CALLBACK_PATH} />
    </Router>
  );
};

export default App;

Post		Replies	Views
@okta/oidc-middleware Questions	2	3081	February 8, 2024
AuthState is null, after /callback Questions reactjs	2	3443	June 30, 2022
No webpage was found for the web address: http://localhost:8000/login/callback OAuth/OIDC	4	1562	November 22, 2023
Okta login callback redirects to base Questions	3	8899	October 1, 2020
Local to Test/QA server Questions	7	8494	January 9, 2019

Details of the callback implementation on the localhost

Related Topics