Details of the callback implementation on the localhost

Here is the context of my question, taken from @mraible’s recent tutorial. The question is this:

How does the authentication server respond asynchronously to my authentication request, when the client is the browser?

The (always incomplete) answer is that the user (me, the human, not the client, which is the browser) needs to provide the “callback” via the Okta application panel shown below:

Does the path http://localhost:3000/users/callback have to exist - or is the “substring” http://localhost:3000 the only information used by Okta SDK?

In other words, is the behavior described as “the auth server provides the requested data to localhost at port 3000”, with the SDK responsible for installing a listener at port 3000 that delivers the data to my app?

The /users/callback route has to exist. With most of our SDKs, we provide a handler that you can map to that route.

The /users/callback route has to exist

This simple explanation is missing from all “auth as PaaS” vendors. While discussing this, let me add that the SDK code could be a bit more user-friendly and create that path if someone like me is not aware of that requirement 😀

Allow me to expand a tad bit more on this special case of running the authentication on my own workstation, when the callback is declared in the form //localhost:3000/users/callback and the client is my browser. Well, the browser is not the webserver (there is no listener at //localhost:3000/users/callback), so it ought to be the Okta SDK that handles the data the authentication server returns to the “callback”.

Note that this is just a documentation issue that inquisitive folks might care about.

@mraible I forgot to ask the most important question in this context:

What does “The /users/callback route has to exist” mean?

Did you mean that the route has to exist as an Express route:

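const express = require('express');
const router = express.Router();

// Example Express route: answers GET / with a JSON message
router.get('/', function (req, res) {
  res.json({'message' : 'Ping Successfull'});
});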

I do not recall seeing such a route definition in any of the samples. Can you explain this, please?

When in doubt, RTFM. In my case: https://developer.okta.com/docs/guides/sign-into-spa/react/define-callback/

I will now check all tutorials I mentioned as “to be updated” and verify that the proper warning about the need to implement the routes like

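import React from 'react';
import { BrowserRouter as Router, Route } from 'react-router-dom';

// Path of the callback route that has to exist in the app
const CALLBACK_PATH = '/implicit/callback';

const App = () => { 
  return (
    <Router>
      <Route path={CALLBACK_PATH} />
    </Router>
  );
};

export default App;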
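
An added illustration, not part of the thread and not Okta SDK code: in the OAuth 2.0 authorization code flow, the authorization server answers by redirecting the browser to the registered redirect URI with code and state in the query string, so the app itself has to serve that path. The sketch below shows the checks a handler mapped to /users/callback performs on that request; the function names, the session object and the sample values are hypothetical.

```javascript
// Added illustration; function names and sample values are hypothetical.
const nodeCrypto = require('node:crypto');

// Redirect URI from the thread, as registered in the Okta application panel.
const REDIRECT_URI = 'http://localhost:3000/users/callback';

// Login start: remember a random, single-use state value in the user's session.
function beginLogin(session) {
  session.oauthState = nodeCrypto.randomBytes(16).toString('hex');
  return session.oauthState;
}

// Constant-time comparison; timingSafeEqual throws on unequal lengths, so check first.
function sameValue(a, b) {
  const x = Buffer.from(a);
  const y = Buffer.from(b);
  return x.length === y.length && nodeCrypto.timingSafeEqual(x, y);
}

// What a handler mapped to the callback route does with the browser's request.
// requestUrl is the path and query the browser was redirected to.
function handleCallback(requestUrl, session) {
  const registered = new URL(REDIRECT_URI);
  const url = new URL(requestUrl, registered.origin);
  if (url.pathname !== registered.pathname) {
    return { status: 404, error: 'no handler mapped to this path' };
  }
  const expected = session.oauthState;
  delete session.oauthState; // a state value is accepted once only
  const state = url.searchParams.get('state');
  if (!expected || !state || !sameValue(state, expected)) {
    return { status: 400, error: 'state mismatch' };
  }
  if (url.searchParams.has('error')) {
    return { status: 400, error: url.searchParams.get('error') };
  }
  const code = url.searchParams.get('code');
  if (!code) return { status: 400, error: 'missing code' };
  return { status: 200, code }; // next step: exchange the code at the token endpoint
}

// Constructed sample: the browser follows the authorization server's redirect.
function demo() {
  const session = {};
  const state = beginLogin(session);
  const first = handleCallback(`/users/callback?code=SAMPLE_CODE&state=${state}`, session);
  const replay = handleCallback(`/users/callback?code=SAMPLE_CODE&state=${state}`, session);
  return { first, replay };
}
```

The state check is what ties the incoming request to a login this browser session actually started; a request to the callback path without a matching state is rejected before the code is used.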