Enterprise-Ready Workshop: OpenID Connect

This workshop is part of our Enterprise Readiness Workshop series.

In this workshop, you will enhance a sample application to let users access it using their organization’s identity provider. When any enterprise customer considers buying your software to enhance their employees’ productivity, their IT and security teams want to make sure employees can access your app securely. As a developer, you’d prefer not to rebuild large portions of your authentication flow for every new customer. Fortunately, the OpenID Connect standard solves both of these problems! By adding OpenID Connect (OIDC) support to your app, you can meet the identity security needs of every enterprise organization that uses an OIDC-compatible identity provider.

This is a companion discussion topic for the original entry at https://developer.okta.com/blog/2023/07/28/oidc_workshop

I have followed all the steps mentioned in 1. How to Get Going with the Enterprise-Ready SaaS Apps Workshops and 2. Enterprise-Ready Workshop: Authenticate with OpenID Connect. Additionally, I also included trinity and bob email addresses respectively in my Okta Developer account. However, when I try to authenticate in the todoapp with either bob@tables.fake or trinity@whiterabbit.fake I’m being shown the Enter Password option instead of being redirected to Okta Login. Can someone help debug?

Hi there @tech-binder !

Let’s figure this out together. :slight_smile:

If you look at your database, what do you see in the Org and User tables? By the end of the tutorial, you will have a Whiterabbit Org and Trinity is a user within the Org. Do you see those?

You can peek at your DB by running npx prisma studio. See the instructions here

The setup for what you expect to see is here:

Feel free to describe the DB tables or send screenshots after redacting any personal info and let us know!

@alisaduncan thanks for your reply. The issue got resolved as I tried it again. The part where I got confused is the instruction in Enterprise-Ready Workshop: Authenticate with OpenID Connect

Domain - Enter the domain name of this organization. It should match the domain name of the email address they’ll use. For example, if your customer’s organization domain is whiterabbit.fake, the domain record is “whiterabbit.fake”. Since we are testing with made-up customers, use the email domain you used when you signed up for the Okta Developer Edition organization.

The first part says to use the domain of the email that will be used to log in, which in my case was whiterabbit.fake (since I was using trinity@whiterabbit.fake to test the workflow). The second part says to use the domain that came with the Okta Developer account (which was the dev-**82.okta.com). When I added the Okta Dev account domain in the DB for the domain field setting, there is no redirect to Okta for login. However, when I replaced the Domain field setting with whiterabbit.fake, the redirect happens correctly.
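The behaviour described in this thread, where the Org record's domain decides whether a user is sent to the identity provider or shown a password field, can be sketched as follows. This is an added example, not the workshop's code and not part of any post here; the table shapes, function names and the `idp-tenant.example` hostname are assumptions.

```javascript
// Added example (hypothetical names): route a login by the email's domain.
// Constructed rows standing in for the Org and User tables.
const orgs = [{ id: 1, name: 'Whiterabbit', domain: 'whiterabbit.fake' }];
const users = [
  { email: 'trinity@whiterabbit.fake' },
  { email: 'bob@tables.fake' },
];

// Return the lower-cased domain part, or null if the address is malformed.
function emailDomain(email) {
  const at = email.lastIndexOf('@');
  if (at <= 0 || at === email.length - 1) return null;
  return email.slice(at + 1).trim().toLowerCase();
}

// 'oidc' when an Org row owns the domain, otherwise the password form.
function chooseLoginMethod(email, orgTable) {
  const domain = emailDomain(email);
  if (domain === null) return { method: 'invalid' };
  const org = orgTable.find((o) => o.domain.trim().toLowerCase() === domain);
  return org ? { method: 'oidc', org: org.name } : { method: 'password' };
}

// Diagnostic: which users would never be redirected with this Org table?
function usersWithoutOrg(userTable, orgTable) {
  return userTable
    .filter((u) => chooseLoginMethod(u.email, orgTable).method !== 'oidc')
    .map((u) => u.email);
}

// Misconfiguration from the thread: the IdP hostname stored as the domain.
// 'idp-tenant.example' is a placeholder, not a real tenant.
const misconfigured = [{ ...orgs[0], domain: 'idp-tenant.example' }];

console.log(chooseLoginMethod('trinity@whiterabbit.fake', orgs));
console.log(chooseLoginMethod('trinity@whiterabbit.fake', misconfigured));
console.log(usersWithoutOrg(users, orgs));
```

Running the diagnostic against the real Org and User rows shows at a glance which accounts will fall through to the password form.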

Thanks for identifying the wording that caused confusion, @tech-binder !
We’ll take your feedback and try to clarify the instructions here!

Hope you enjoyed this workshop otherwise, and I invite you to check out the workshops to manage user lifecycle using SCIM, automate actions in Workflows, and build your Okta org in Terraform.
