We have recently switched to using Okta for our SSO. I am trying to update a JMeter script to use Okta to sign into our ASP.NET application. We are using the existing ASP.NET Okta module to handle the pipeline processing.
When I record a login session, I see that after the call to authn some JSON (state_Token) is returned with a status of succeeded.
Then there is a post to my call back url:
https://{MY-SERVER}/authorization-code/callback
with two values, STATE and CODE.
I know STATE is a random value I generate early in the code flow and provide in several calls.
But I am unsure about CODE. I found the following in the documentation:
code: An opaque value that can be used to redeem tokens from the token endpoint. code is returned if the response_type includes code. The code has a lifetime of 300 seconds.
The previous call to authn has a responseType of “code”, but I do not see a code value in the state_token returned, yet somehow the redirect to my call-back URI suddenly has it as a post value.
Right now I am just passing the CODE value that was originally recorded, which should be expired, and I get a 404 error about the resource (/authorization-code/callback) not existing. I’m not sure if that is due to the CODE value being old or if there is something else wrong with this post back to my server.
If anyone has any insight into this I would be extremely thankful.
Just to be clear, manually logging in works just fine. It is only when I attempt to do so with JMeter, which I just started to use a few weeks ago, that I am seeing this issue.
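Because the quoted documentation gives the code a 300-second lifetime, a test script has to pull a fresh code and state out of each run's response rather than replay recorded ones. The sketch below is an added example, not part of the original post or of Okta's module: it assumes the authorization response arrives as an auto-submitting HTML form (which would match the observed POST to the callback), and the function names, sample HTML and host are constructed for illustration.

```python
import time
from html.parser import HTMLParser
from urllib.parse import urlencode

CODE_LIFETIME_S = 300  # lifetime quoted from the documentation in the post


class FormPostParser(HTMLParser):
    """Collects the form action and hidden inputs of an auto-submitting form."""

    def __init__(self):
        super().__init__()
        self.action = None
        self.fields = {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.action = a.get("action")
        elif tag == "input" and a.get("type") == "hidden" and "name" in a:
            self.fields[a["name"]] = a.get("value") or ""


def build_callback_post(html, expected_state, received_at, now=None):
    """Return (url, body) for the callback POST, or raise ValueError."""
    now = time.time() if now is None else now
    parser = FormPostParser()
    parser.feed(html)
    if parser.action is None or "code" not in parser.fields:
        raise ValueError("no authorization code in response")
    # The state must be the value this session generated earlier in the flow.
    if parser.fields.get("state") != expected_state:
        raise ValueError("state mismatch")
    # A replayed recording fails here: the code is only valid for 300 seconds.
    if now - received_at >= CODE_LIFETIME_S:
        raise ValueError("code expired")
    body = urlencode({"code": parser.fields["code"], "state": parser.fields["state"]})
    return parser.action, body


# Constructed sample response; host, code and state are placeholders.
SAMPLE_HTML = """<html><body onload="document.forms[0].submit()">
<form method="post" action="https://app.example.test/authorization-code/callback">
<input type="hidden" name="code" value="CONSTRUCTED_CODE_123"/>
<input type="hidden" name="state" value="CONSTRUCTED_STATE_abc"/>
</form></body></html>"""
```

In JMeter the same extraction would be done with a post-processor on the response that carries the form, feeding the two values into the callback sampler as variables.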