I have seen a few older posts in this forum from around 2018 about using the fromUri parameter to redirect back to the app, but I could not get it working with the suggestions in the comments from these posts. Here is my flow:
- Custom application pulls user data from a legacy system and calls
      CreateUserAsync(new CreateUserWithoutCredentialsOptions
      {
          Profile = profile,
          Activate = false
      });
- Custom application calls
      ActivateUserAsync(email);
- Custom application obtains Activation URL from the response and sends user an email with the url-encoded fromUri query string parameter appended to the link, pointing to the custom application:
      https://login.[OktaDomain].com/welcome/[ActivationToken]?fromURI=http%3a%2f%2flocalhost%3a4200%2f
- User receives the email, clicks on the link (that redirects to https://login.[oktadomain].com/signin/password-reset)
- User selects a password and clicks on “Reset Password”
- User ends up on the Okta dashboard and is not redirected to the url in fromUri.
Things I have done, based on these older threads:
- checked that self service is turned off for the app
- made sure the Url matches the Redirect Uri in the app login settings
- Login initiated by is set to Either Okta or App
- URL is a trusted origin
Is this flow possible? What am I missing?
It is curious that the activation Url points to a custom Okta domain login.[oktadomain].com that is configured but not applied to any applications or authentication servers. Could this be interfering, and does this flow only work with a custom domain?