So my goal is to create an OIDC integration for the OIN. I have the basics working in my dev instance, but my question is about getting the baseUrl as a part of the OIDC flow.
Now, when a user clicks into my app from the Okta dashboard, Okta sends them to the initiate login URI, which includes the tenant’s base URL in the iss query param, like initiate-login?iss=https%3A%2F%2Fdev-xx.okta.com. With this information I can redirect the browser to the authorize URL based on the URL, i.e. dev-xx.okta.com/oauth2/v1/authorize. Okta then redirects to the Redirect URI that includes the authorization code, so like localhost:8888/callback?code=CODE. However, now I have no idea which Okta instance they came from to make the call to get the access token. Is there a standard way to do this?
Obviously, I can require the Okta admin to add some kind of query param to the Redirect URI, but is that the recommended way to build something for the OIN? I would prefer that they have to do as little as possible.
You could send it in the state query parameter as you have mentioned. If your app supports a different redirect_uri based on tenant, you can configure that in the submission form as well.
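The state-parameter approach from the answer above, as an added example that is not part of the original thread or Okta's own code: the issuer from initiate-login is validated, carried in an HMAC-signed `state`, and recovered on the callback to pick the token endpoint. The function names, the state format, the signing key and the allowed domain suffixes are assumptions; `/oauth2/v1/token` is the org authorization server path that pairs with the `/oauth2/v1/authorize` URL in the question.

```python
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import urlsplit

# Assumption: the tenant domains this integration is willing to talk to.
ALLOWED_SUFFIXES = (".okta.com", ".oktapreview.com", ".okta-emea.com")
STATE_TTL = 600  # seconds a state value stays valid

def validate_issuer(iss):
    """iss arrives in a query string, so treat it as untrusted input:
    accept only a bare https origin (no port, userinfo, path) on an allowed domain."""
    u = urlsplit(iss)
    host = u.hostname or ""
    if (u.scheme != "https" or u.netloc.lower() != host
            or u.path not in ("", "/") or u.query or u.fragment):
        raise ValueError("issuer must be a bare https origin")
    if not host.endswith(ALLOWED_SUFFIXES):
        raise ValueError("issuer host not allowed")
    return "https://" + host

def _sign(key, payload):
    return base64.urlsafe_b64encode(hmac.new(key, payload, hashlib.sha256).digest())

def make_state(key, iss, now=None):
    """Called from initiate-login: build the state sent to /oauth2/v1/authorize."""
    now = time.time() if now is None else now
    # "n" makes each state unique; also keep it in the user's session so the
    # callback can confirm the state belongs to this browser (CSRF check).
    body = {"iss": validate_issuer(iss), "n": secrets.token_urlsafe(16),
            "exp": int(now) + STATE_TTL}
    payload = base64.urlsafe_b64encode(json.dumps(body).encode())
    return (payload + b"." + _sign(key, payload)).decode()

def issuer_from_state(key, state, now=None):
    """Called from /callback: verify the state before trusting anything in it."""
    now = time.time() if now is None else now
    payload, _, sig = state.encode().partition(b".")
    if not hmac.compare_digest(sig, _sign(key, payload)):
        raise ValueError("state signature mismatch")
    body = json.loads(base64.urlsafe_b64decode(payload))
    if body["exp"] < now:
        raise ValueError("state expired")
    return validate_issuer(body["iss"])

def token_endpoint(iss):
    """Where the authorization code is exchanged for this tenant."""
    return iss + "/oauth2/v1/token"
```

Validating the issuer before building the state, and again after verifying it, keeps the authorization code and client credentials from being posted to a host outside the allowed domains.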
Thank you @warren! I had read that documentation but since I’m developing this via the AIW (where this option doesn’t seem to exist) I couldn’t quite picture how it worked. Your screenshot makes it super clear and now I realize I can vary the Redirect URI per tenant with pretty minimal work for the end-users.
Hello @warren, I wanted to test the multiple redirect URI varying per tenant feature. I could not find that when I create a native OIDC app in my developer account, i.e. I wanted to test the above feature in a native OIDC app rather than submitting the ISV form and testing it in production. Do I need to enable some configuration so the above feature is visible for my native OIDC apps?