OIDC iss parameter in URL

Hekmil · February 2, 2022, 11:44am

Hi,

I have implemented 2 OIDC SPA apps that are accessible through direct link or through Okta dashboard. I have an interrogation that I can’t answer reading Okta admin or developer documentation so I’m trying here.

The redirect URI has this format : https://app.client.com/login/callback

But when we try to reach to the app using Okta’s App Embed Link, SSO works fine but the final URL has this format : https://app.client.com/login/callback?iss=https%3A%2F%2Ftenant.okta.com)

I know iss stands for issuer which but why is it in the URL as a parameter and what can we do to avoid this ?

This is the configuration of our app :

Thank you

aaronpk · February 2, 2022, 2:14pm

This is by design. With the “Redirect to app to initiate login (OIDC Compliant)” option checked, Okta will redirect the user to the app URL with iss in the query string. Your app is expected to start a new OpenID Connect flow to the designated issuer.

Hekmil · February 2, 2022, 3:54pm

Alright I didn’t know that. So the application should process the URL with the query string then start a new OpenID flow (that could allow redirect or change the URL ?).

What would imply switching to “Send ID Token directly to app (Okta Simplified)” ? I never really look down on thoses 2 different “Login Flow”.

Thanks !

Grimess15aT · January 31, 2024, 4:52pm

I have the same issue, I don’t understand what the process should be after taking the ISS? In my application I always expected a code and a status but when they send me it confuses me a lot, is there any documentation about that?

system · February 2, 2024, 9:42pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.