I have build a .NET MVC application implementing the Okta OIDC authentication work flow. The application works fine on my local machine, I am able to authenticate and everything works as expected. After deploying the application to a test server running on Windows server 2019 the redirect call back fails. I am able to get to the Okta login but when the redirect call back hits my router there is an error in the
LoginCallback component. All I see is a Server Error with the following description:
Value cannot be null.
Parameter name: source
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.ArgumentNullException: Value cannot be null.
Parameter name: source
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Can you open the browsers dev console window and during a login attempt, when redirecting from Okta back to the applications redirectURI do you see this URL successfully navigated to in the Network tab?
If so do you see a valid code/state value returned from Okta?
The .NET oidc library relies on setting cookies before a redirect (oidc nonce cookie) and reading that same cookie on redirect back. There potentially could have been an issue with setting this value in the browser.
Another potential is the browser redirects back fine, .NET gets tokens for the user, but a specific claim that is needed is not present.
If none of the above helps I recommend opening a support case so more information about the application can be obtained.
The browser is returning 500 code during callback in our test environment which something we don’t see on our local system.
How can we check whether browser is setting up correct oidc nonce cookie during redirect?
This issue got resolved. It was due to the zone was not properly set by the network team while implementing NCR request to open communication with Okta from our IP.