fromUri query string parameter (dotnet sdk)

I have seen a few older posts in this forum from around 2018 about using the fromUri parameter to redirect back to the app, but I could not get it working with the suggestions in the comments from these posts. Here is my flow:

  1. Custom application pulls user data from a legacy system and calls
    CreateUserAsync(new CreateUserWithoutCredentialsOptions
    {
    Profile = profile,
    Activate = false
    });

  2. Custom application calls
    ActivateUserAsync(email);

  3. Custom application obtains Activation URL from the response and sends user an email with the url-encoded fromUri query string parameter appended to the link, pointing to the custom application:
    https://login.[OktaDomain].com/welcome/[ActivationToken]?fromURI=http%3a%2f%2flocalhost%3a4200%2f

  4. User receives the email, clicks on the link (that redirects to https://login.[oktadomain].com/signin/password-reset)

  5. User selects a password and clicks on ‘Reset Password’

  6. User ends up on the Okta dashboard and is not redirected to the url in fromUri.

Things I have done, based on these older threads:

  • checked that self service is turned off for the app
  • made sure the Url matches the Redirect Uri in the app login settings
  • Login initiated by is set to Either Okta or App
  • URL is a trusted origin

Is this flow possible? What am I missing?

It is curious that the activation Url points to a custom Okta domain login.[oktadomain].com that is configured but not applied to any applications or authentication servers. Could this be interfering, and does this flow only work with a custom domain?

Hi cdonner, did you ever figure this out? I am having the exact same problems. Any else on the dev forum know why the older posts fromURI recommendations aren’t working?

I am still working with support on this. The preliminary response was that the free developer plans don’t allow it but I am still waiting for confirmation.

@bobula Final answer from support:
Unfortunately the fromURI is not a currently supported feature and the behavior of it could change at anytime. It is not recommended to have any implementations that rely on it.

1 Like

I worked this out with Okta. you need to open a support ticket and ask that the “global redirect feature flag” be enabled. once this is done, you can go to Settings → Customization → Default App for Sign-In Widget, and enter a custom URL. If you have no apps configured that the user is assigned to in the Okta dashboard, then it will instead redirect to that URL. I also had to delete and re-add my trusted origins in the security → API → trusted origins section for this to work.

Is this still the case in November 2023? I’ve been using fromURI for a while now and it seems fine, however we’ve had issues with a couple of users and we think it could be the fromURI containing incorrect data.

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.