Getting 403 when trying to get authorization code using custom authorization server

Hi, I have a Spring Boot application that does the OIDC workflow.

I tested using the org authorization server (https://{oktadomain}/oauth2/v1/authorize) to call the /authorize endpoint for the authorization code, and I was able to retrieve the code.

However, when I tried to use the default custom authorization server (https://{oktadomain}/oauth2/default/v1/authorize), I kept getting a 403.

Also, I tried to do manual testing through both https://oidcdebugger.com/ and https://okta-oidc-fun.herokuapp.com/, and both successfully gave me the authorization code.

I also checked the system log on the admin page, and no error was shown. The only logs I could see were “Verify user identity success”. Does anyone have any idea what I did wrong? Thank you!

Note: I also added the localhost:8080 on my Trusted Origin, so I don’t think it’s the issue.

Were there any more details about the 403 in the browser network tab?

No, this is the only thing I can see in the network tab:

And the only change between your attempts is the issuer, right? In both the success and the failure case, are you using the same domain (in this case, the *.okta.com domain, as opposed to a custom domain configured for the org)?


Also, out of curiosity, but does this reproduce with all users in your org? If you create a new test user and try to log them in with either the Org auth server or the Default one, does it work?


Not really sure but two things I’d check:

  • What is the URL the Spring Boot app is generating to redirect to Okta? Does it look good? Any differences between that and what’s generated for oidcdebugger?
  • Is the user you’re testing with assigned to the app?
  • Do you have an access policy and rules setup allowing the same openid flow? Or relying on the Default Policy?

Hi Andrea,
That is correct. The only change was the issuer, and currently I’m using a default developer Okta domain as shown above for testing. I am also just using a testing account without any real users.

Hi Abole,

  1. Yes, even when I tried to hardcode the generated URL from the debugger (only changing the redirect URI), it didn’t work.
  2. Yes, I made sure the user is assigned to the app.
  3. I am only relying on the default one. Do I need to create a custom access policy?
  1. Want to share exactly what this URL looks like?
  2. (it wouldn’t let me skip this number, but thanks for confirming!)
  3. If you’re using the “Default” server, the Default policy and rule created for you should be fine, but when you make your own custom authorization server, you will need to make the policy and rule yourself.

It might be easier to have a support case open for this one. Can you do so in our Help Center (instructions here) or by emailing developers@okta.com (this email is primarily for integrators/partners).
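The check suggested twice above (compare the /authorize URL the Spring Boot app builds against the one oidcdebugger builds) can be done mechanically. This is an added example, not code from the thread or from Okta; the two URLs, the client_id value and the dev-000000 domain are constructed placeholders.

```python
from urllib.parse import urlsplit, parse_qs

# Query parameters an OIDC authorization-code request should always carry.
REQUIRED = ("client_id", "redirect_uri", "response_type", "scope", "state")
# Values that are random per request, so a mismatch between two URLs is expected.
PER_REQUEST = ("state", "nonce", "code_challenge")

# Constructed sample URLs: the app targets the "default" custom server,
# the debugger targets the Org server, and the redirect/scope differ too.
APP_URL = ("https://dev-000000.okta.com/oauth2/default/v1/authorize?client_id=0oaPLACEHOLDER"
           "&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Flogin%2Foauth2%2Fcode%2Fokta"
           "&response_type=code&scope=openid%20profile&state=abc123&nonce=n1")
REF_URL = ("https://dev-000000.okta.com/oauth2/v1/authorize?client_id=0oaPLACEHOLDER"
           "&redirect_uri=https%3A%2F%2Foidcdebugger.com%2Fdebug"
           "&response_type=code&scope=openid%20profile%20email&state=xyz&nonce=n2")

def parse_authorize_url(url):
    """Return (authorization-server base, single-valued query params) for an /authorize URL."""
    parts = urlsplit(url)
    params = {k: v[0] for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    # Path before /v1/authorize identifies the server: .../oauth2 (Org) vs .../oauth2/<id> (custom).
    base = f"{parts.scheme}://{parts.netloc}{parts.path.rsplit('/v1/authorize', 1)[0]}"
    return base, params

def compare_authorize_urls(app_url, reference_url):
    """Report what differs between the app's URL and a known-good one."""
    app_base, app = parse_authorize_url(app_url)
    ref_base, ref = parse_authorize_url(reference_url)
    report = {
        "server_differs": app_base != ref_base,
        "missing_required": [p for p in REQUIRED if p not in app],
        "openid_scope_missing": "openid" not in app.get("scope", "").split(),
        "differing_params": {},
    }
    for key in sorted(set(app) | set(ref)):
        if key in PER_REQUEST:
            continue
        if app.get(key) != ref.get(key):
            report["differing_params"][key] = (app.get(key), ref.get(key))
    return report

if __name__ == "__main__":
    for name, value in compare_authorize_urls(APP_URL, REF_URL).items():
        print(f"{name}: {value}")
```

A redirect_uri that is not registered on the app, or a server base that is not the one the app's policy is attached to, are the kinds of differences this surfaces before opening a support case.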