I am currently integrating Okta into our Java-based application. For the UI we utilize the SignIn widget and everything is working out nicely. We are about to go productive, so far so good.
In my local environment I plan to have a mocked backend to avoid connecting my local system with our real Okta tenant. To achieve this I provided my own endpoints mimicking the behaviour of Okta. I only mocked the bare minimum but it is kind of running. But for now I am facing two problems:
- When the SignIn widget sends username and password to my fake backend it omits the redirect URI. I do not know why, but I could work around this in an ugly way. But I would prefer to stick to the “normal” process.
- The idea of my fake backend is to make testing on the local environment easier. So real authentication is not important, which means I do not transport a real JWT through the OAuth flow. When the callback is triggered and in the end the redirect to the final location is initiated, I see those calls in the network monitor but they are not executed by the browser. I stay on the same page with the widget complaining about some internal errors. Because the actual “authentication” in the backend is successful, when I reload the page the UI also realizes this. So it’s basically the redirect not being executed that is missing here for me, but I do not like to invent another ugly workaround.
Does somebody have experience with this approach? Can somebody help? Many thanks