Iss instead on code in Okta Login OIDC

Hello! I’m attempting to implement Okta Single Sign-On (SSO) using React on the frontend and Golang on a serverless AWS Lambda. My implementation is based on this code: samples-golang/okta-hosted-login at master · okta/samples-golang · GitHub.

When I try to log in with Okta, it sends the code and state in the URL. However, when I submit the application in the OpenID Connect (OIN) test, it only sends the “iss,” and I’m not sure how to retrieve the code from an “iss.”

Expected: https://<my_domain>/signin?code=&state=
I get: https://<my_domain>/signin?iss=

Are you trying to test/implement IDP-initiated login? If so, this is behaving by design and to spec, with Okta redirecting to the application via the app’s “Initiate Login URI” and passing along the iss (Okta domain).

Your application then needs to kick off the authorization flow by making an /authorize redirect to Okta. Once Okta redirects back the authorized user to your application (to the provided redirect_uri), then you will receive an authorization code to complete the flow