I see, yea, if you are redirecting to the hosted login page, the configuration will not work. Do you have the Custom Hosted Login Page beta?
You should have access to the hosted signin page where you can customize it:
Both your clients (android and angular) can use the hosted widget page.
So, what is happening here:
- You redirect to Hosted Login Page
- Your user clicks on facebook, and is redirected to facebooks IdP
- Your user logs in successfully and is redirected back to Okta with the facebook authorization code
- Okta exchanges the code for an id_token or access_token where Okta can get the user information from a user info route on facebook
- After Okta verifies the identity of the user, Okta will redirect back to your application with an Okta id_token and/or access_token
- The client will verify the information (this is why Okta needs the issuer) or use the access token to get additional user information.
Make sense?