How to dynamically set callbackURL with Passport JS?

I am using Passpot-openidconnect with our Okta application, following this guide.

As we’re extending this project, we’re looking to have this Auth system work across several domains (ie, I can log in via Okta on either,, or, etc.). The issue we are running into is the callback from Okta: after we log in on the Okta page, we are redirected to the callback URI we specified in the Okta console, which is We know all the other domains we may want to redirect to, so we could hypothetically add, and so forth into the list of redirect URIs in the Okta console.

Is there a way to dynamically provide a cookie or parameter in passport-openidconnect so that we can specify which of those domains we want to redirect to for our callback URL?

Hi there @RLoveless,

You will want to add all the expected callback domains in Okta. This helps ensure safety in the authentication process. In passport-openidconnect, you can set the callback URL you expect in the configuration.

One way we approached this was by creating a passport strategy at runtime. You can see the code example here

And you can follow the entire tutorial on setting this up in this post. The post might include more flexibility than you’re looking for, but I think the basic info should carry over.

Let us know how it goes!

Thanks for the info! Recreating the strategy is doable, but not super ideal. Is there a way we could do something like pass a custom header to Okta that can be then returned? Ie, something like

callbackURL: 'http://localhost:3333/openid/callback/''?origin='+request.header.referer

And then the callback from Okta includes that ?origin=.... value?

I noted that the openid-connect module passes customHeaders, so would that be an avenue where I could set some customHeaders which are passed to Okta and then could be returned?

Or could this info be returned by adding the state parameter to the authorize URL like

authorizationURL: `https://${oktaDomain}/oauth2/default/v1/authorize?state=${someValueHere}`,

which would then be returned in the token?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.