Okta Flask App https issues

I recently set up my okta verification to use https and I’m having URI redirect errors. Prior to this everything was working on http.
I’m running the flask app via gunicorn on an ec2 instance that has a certificate on its ALB. I can confirm that the website is secure. It just won’t redirect properly.

My configurations are

The trusted origin was also changed to https (it’s the same as the blurred out urls in the above image).
I’m using port 80 so I’m not explicitly setting it which is exactly the same as I did for the http method.

Here’s the error it throws:

Am I missing something in the configuration? Should I be including both https and http base urls as the trusted origins?

Thanks in advance for any help you can provide!

I am not sure if this is the issue, but by default https uses port 443, and http uses port 80. So if your application has been configured to listen for https requests on port 80, then you would need to add the port as part of the URL.

By default,
https://example.com == https://example.com:443

To have https on port 80 you have to specify it in the URL. If you don’t, the assumption is 443.

Hi Erik,

I set all my okta URLs to explicitly use port 80. However, I’m still getting the redirect error. Interestingly, the redirect url has “http” in it when I would’ve expected “https”. See below. This is what the response was (with some info removed).


Is this the issue? I’ve run a test flask app locally with an adhoc ssl cert using a dev okta setup and the redirect URL in that case is https. So I think the issue is that the require_login decorator in my python code is defaulting back to http. Is there any way to force this to use https?

The problem is that I’m running my production server on an aws ec2 server. It’s behind an ALB that has a managed certificate.
Because I’m not actually configuring the flask server to run secured (even though using a secure url works) I think that’s why the redirect gets confused.

I’m chatting with amazon now about the issue because this is kind of an unusual case but if there’s something I can try in the code to force it to go https I’ll try that too.
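
An added example (not part of the thread, and not Okta's or any library's own code) of the behaviour described in the last post: behind a TLS-terminating load balancer the WSGI server sees plain HTTP, so the app builds an `http://` redirect URI unless it honours `X-Forwarded-Proto` from the proxy it trusts. Werkzeug's `ProxyFix` middleware (`werkzeug.middleware.proxy_fix`) does this for Flask apps; the standard-library sketch below shows the mechanism, and the host names, callback path, IdP URL and peer addresses are constructed placeholders.

```python
from urllib.parse import parse_qs, urlencode, urlparse
from wsgiref.util import application_uri

AUTHORIZE = "https://idp.example.com/authorize"  # placeholder IdP endpoint
CALLBACK_PATH = "/oidc/callback"                 # assumed callback route


def callback_url(environ):
    """Absolute redirect URI as the app derives it from the WSGI environ."""
    return application_uri(environ).rstrip("/") + CALLBACK_PATH


def app(environ, start_response):
    """Minimal login route: redirect to the IdP with our redirect_uri."""
    query = urlencode({"response_type": "code",
                       "redirect_uri": callback_url(environ)})
    start_response("302 Found", [("Location", f"{AUTHORIZE}?{query}")])
    return [b""]


class ForwardedProto:
    """Set wsgi.url_scheme from X-Forwarded-Proto, only for trusted peers."""

    def __init__(self, wsgi_app, trusted_peers):
        self.wsgi_app = wsgi_app
        self.trusted_peers = set(trusted_peers)

    def __call__(self, environ, start_response):
        # The nearest proxy appends its value last, so take the final entry.
        header = environ.get("HTTP_X_FORWARDED_PROTO", "")
        proto = header.split(",")[-1].strip().lower()
        peer_ok = environ.get("REMOTE_ADDR") in self.trusted_peers
        if peer_ok and proto in ("http", "https"):
            environ["wsgi.url_scheme"] = proto
        return self.wsgi_app(environ, start_response)


def redirect_uri_sent(wsgi_app, remote_addr, forwarded_proto):
    """Issue one constructed request and return the redirect_uri sent to the IdP."""
    environ = {"REQUEST_METHOD": "GET", "HTTP_HOST": "app.example.com",
               "SCRIPT_NAME": "", "PATH_INFO": "/login",
               "wsgi.url_scheme": "http",  # the proxy-to-app hop is plain HTTP
               "REMOTE_ADDR": remote_addr,
               "HTTP_X_FORWARDED_PROTO": forwarded_proto}
    seen = {}
    wsgi_app(environ, lambda status, headers: seen.update(headers))
    return parse_qs(urlparse(seen["Location"]).query)["redirect_uri"][0]
```

The scheme header is only honoured when the request arrives from an address in `trusted_peers`, so a client that reaches the app directly cannot choose the scheme that ends up in the redirect URI.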