We have a crowdfunding marketplace. We want to allow users to embed a crowdfunding campaign in an IFrame on any website and allow users to login through the Okta widget. This IFrame use case with Okta seems to be an issue because of the redirect_uri parameter. The redirect_uri parameter must be set in the Okta admin settings beforehand, but we want allow users to embed our widget with Okta on any website.
Do you have any suggestions on dealing with this? We have thought about adding redirect_uris dynamically through Okta API but from Okta docs, it looks like the max char limit of combined total redirect_uris is 56,000 characters. So this approach wouldn’t work for us.
I have not tried this but you could probably have Okta redirect to a specific end point on your end with the actual redirect url as a parameter and your endpoint handles the redirect. This way, you only need to whitelist your own endpoint.
In the future we will allow wildcard redirect URIs, however I don’t know that they would allow root domains like *.com, *org. I would suspect you would need a subdomain.
As mentioned above, you maybe able to redirect to a common URL you control, perhaps have the true redirect URI embedded in the state parameter, extract that and then redirect again.