I have one issue while using OpenId with Okta as an external identity provider.
When you register OpenId for any authentication scheme, such option as Authority has to be specified.
For Okta it can look like this: “https://dev-XXXXXXXX.okta.com”, where dev-XXXXXXXX is a specific Okta domain you have. This Authority property is being initialized during service startup and request for getting openid-configuration is sent using Authority as base url. (The full address looks like this:
“https://dev-XXXXXXXX.okta.com/.well-known/openid-configuration”)
The problem I have, is that specific domain value in my application is stored in database and is not the same for different users. Which means I don’t know it when service is started and can only obtain it in runtime. But I can easily get suitable domain for particular user while handling ‘OnRedirectToIdentityProvider’ event, which allows to do whatever I need before sending actual authorization request to Okta.
So the question: is there any way to get Okta openid-configuration without specific domain during startup? For example in Azure, you can have the next Authority value: “https://login.microsoftonline.com/common/v2.0”, where ‘common’ is a default tenant value, that allows to get openid-configuration without specifying actual tenant. And this default value can be changed with a required one in ‘OnRedirectToIdentityProvider’ event handler.