fromUri query string parameter (dotnet sdk)

I have seen a few older posts in this forum from around 2018 about using the fromUri parameter to redirect back to the app, but I could not get it working with the suggestions in the comments from these posts. Here is my flow:

  1. Custom application pulls user data from a legacy system and calls
    CreateUserAsync(new CreateUserWithoutCredentialsOptions
    {
    Profile = profile,
    Activate = false
    });

  2. Custom application calls
    ActivateUserAsync(email);

  3. Custom application obtains Activation URL from the response and sends user an email with the url-encoded fromUri query string parameter appended to the link, pointing to the custom application:
    https://login.[OktaDomain].com/welcome/[ActivationToken]?fromURI=http%3a%2f%2flocalhost%3a4200%2f

  4. User receives the email, clicks on the link (that redirects to https://login.[oktadomain].com/signin/password-reset)

  5. User selects a password and clicks on ‘Reset Password’

  6. User ends up on the Okta dashboard and is not redirected to the url in fromUri.

Things I have done, based on these older threads:

  • checked that self service is turned off for the app
  • made sure the Url matches the Redirect Uri in the app login settings
  • Login initiated by is set to Either Okta or App
  • URL is a trusted origin

Is this flow possible? What am I missing?

It is curious that the activation Url points to a custom Okta domain login.[oktadomain].com that is configured but not applied to any applications or authentication servers. Could this be interfering, and does this flow only work with a custom domain?

Hi cdonner, did you ever figure this out? I am having the exact same problems. Any else on the dev forum know why the older posts fromURI recommendations aren’t working?

I am still working with support on this. The preliminary response was that the free developer plans don’t allow it but I am still waiting for confirmation.

@bobula Final answer from support:
Unfortunately the fromURI is not a currently supported feature and the behavior of it could change at anytime. It is not recommended to have any implementations that rely on it.

1 Like

I worked this out with Okta. you need to open a support ticket and ask that the “global redirect feature flag” be enabled. once this is done, you can go to Settings → Customization → Default App for Sign-In Widget, and enter a custom URL. If you have no apps configured that the user is assigned to in the Okta dashboard, then it will instead redirect to that URL. I also had to delete and re-add my trusted origins in the security → API → trusted origins section for this to work.