Hello, I’m experiencing an issue submitting our app to OIN. My app supports SSO using OIDC. My implementation works when I test it in an anonymous browser window. However, the problem occurs when I run the OIN Submission Tester (SSO) SP flow test.
The OIN Submission Tester opens a new window and redirects to my app. My app correctly initiates authorize (using Okta Auth JS) and redirects me to Okta. After I successfully authenticate, Okta tries to redirect me back to my app. At this point, the OIN Submission Tester closes, and the test fails. The redirect page is rendered server-side in Next.js.
Here is my implementation: The front end (Next.js app) initiates authorize with PKCE enabled and redirects to Okta (redirect mode). Okta then redirects the user back to my front-end app (a server-side rendered page). I parse the code and other relevant data and send them to my API (Node.js). The API exchanges the code for tokens, verifies the tokens, and if everything is correct, issues a custom token (we use multiple IdPs, including our own custom one). When tokens are exchanged, I redirect the user to the app as an authenticated user.
I tried to follow the documentation as closely as possible, but I found it confusing for OIN Integrations. Can someone help identify what might be causing the test to fail in the OIN Submission Tester? Did I miss something in my implementation? Thank you so much!
An update for posterity on SP-initiated flow abruptly closing.
The reason this was happening is our application was fetching a config JSON file that returned with a 404 status code. This config file was completely unrelated to the SAML implementation.
So, just know:
if there are any failing calls in your app - it will fail the SP-initiated spec during app submission.
check your JSON export in the submission wizard and look for "statusCode": 4 and see if you can find any “bad” response codes.
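The check suggested in the post above, as an added example that is not part of the thread or of Okta's tooling: a walker that finds every 4xx/5xx `statusCode` in a parsed export. Only the `statusCode` key comes from the post; the sample's `steps`, `requests`, `name` and `url` fields are assumed names in a constructed sample, so the walker makes no assumption about nesting.

```javascript
// Added example, not from the thread. Only the "statusCode" key is taken from
// the post above; "steps", "requests", "name" and "url" are assumed names.

// Recursively walk any JSON value and collect every object whose statusCode
// is an HTTP client or server error (400-599), with its location in the tree.
function findBadResponses(node, path = "$", hits = []) {
  if (Array.isArray(node)) {
    node.forEach((child, i) => findBadResponses(child, `${path}[${i}]`, hits));
  } else if (node !== null && typeof node === "object") {
    const code = Number(node.statusCode); // accepts 404 and "404"
    if (Number.isInteger(code) && code >= 400 && code <= 599) {
      const url = typeof node.url === "string" ? node.url : null;
      hits.push({ path, statusCode: code, url });
    }
    for (const [key, child] of Object.entries(node)) {
      findBadResponses(child, `${path}.${key}`, hits);
    }
  }
  return hits;
}

// Parse the raw text of an export file and scan it.
function scanExportText(jsonText) {
  return findBadResponses(JSON.parse(jsonText));
}

// Constructed sample standing in for a real export.
const sampleExport = {
  steps: [
    { name: "Okta sign in", requests: [
      { url: "https://app.example.test/login", statusCode: 200 },
      { url: "https://app.example.test/config.json", statusCode: 404 },
    ] },
    { name: "Redirect", requests: [
      { url: "https://app.example.test/api/session", statusCode: "403" },
    ] },
  ],
};

for (const hit of findBadResponses(sampleExport)) {
  console.log(`${hit.statusCode} ${hit.url ?? "(no url)"} at ${hit.path}`);
}
```
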
I discovered that there was a single failed request, which I fixed. However, after addressing that issue, another request started failing.
Here’s what happens: After Okta redirects to the configured Redirect URI, our app requests our API to exchange the code (code flow exchange). When this process is successful, the API issues a custom token via a cookie.
However, I noticed that the cookie set during the SSO flow is not sent back to my API in the first request after successful authentication. It seems that the OIN Submission Tester does not send HTTP cookies. It works fine when I run the SSO flow outside the OIN Submission Tester (including the anonymous browser window). Has anybody experienced the same issue?
I’m experiencing a similar issue with an OIDC application for SP-initiated sign-in to a SaaS platform with backend authorization. I have tried everything I can think of and the test will not pass; it is failing on “Okta sign in”. As soon as I log into Okta, the test fails. This is maddening.
@kyleva It turns out your recommendation helped me through this; it was an expected 403 error on our app’s login page that was causing the test to fail. After addressing the 403 error, I was still not able to get the test to pass, but it turns out the Okta browser plugin sometimes needs to be removed and reinstalled for the test to function correctly: Cannot confirm user sigin for OIN testing app - #5 by Tahir52
If it wasn’t for this post and your post I would probably still be stuck on this, thank you.