Okta OIDC integration NodeJS

Hi,

I’m trying to use Okta to provide SSO for one of our internal NodeJS apps using the documentation: Sign users in to your web app using the redirect model | Okta Developer.

This is my config in my server file (removed the /default as we’re not using custom authorization servers as mentioned here: OpenID Connect & OAuth 2.0 API | Okta Developer):

const passport = require('passport');
const { Strategy } = require('passport-openidconnect');

passport.use('oidc', new Strategy({
  // Must equal the `iss` claim of the tokens exactly; compare against the
  // authorization server's /.well-known/openid-configuration.
  issuer: `https://${env.OKTA__DOMAIN}/oauth2`,
  authorizationURL: `https://${env.OKTA__DOMAIN}/oauth2/v1/authorize`,
  tokenURL: `https://${env.OKTA__DOMAIN}/oauth2/v1/token`,
  userInfoURL: `https://${env.OKTA__DOMAIN}/oauth2/v1/userinfo`,
  clientID: env.OKTA__CLIENT_ID,
  clientSecret: env.OKTA__CLIENT_SECRET,
  callbackURL: 'http://localhost:1337/authorization-code/callback',
  scope: 'openid profile',
}, (issuer, profile, done) => done(null, profile)));  // verify callback: accept the profile as the session user

I’m presented with the following error:

AuthenticationError: Forbidden
    at allFailed (/Users/matthias/Development/deselect-admin-back/node_modules/passport/lib/middleware/authenticate.js:175:21)
    at attempt (/Users/matthias/Development/deselect-admin-back/node_modules/passport/lib/middleware/authenticate.js:183:28)
    at Strategy.strategy.fail (/Users/matthias/Development/deselect-admin-back/node_modules/passport/lib/middleware/authenticate.js:314:9)
    at /Users/matthias/Development/deselect-admin-back/node_modules/passport-openidconnect/lib/strategy.js:171:56
    at /Users/matthias/Development/deselect-admin-back/node_modules/oauth/lib/oauth2.js:209:7
    at passBackControl (/Users/matthias/Development/deselect-admin-back/node_modules/oauth/lib/oauth2.js:134:9)
    at IncomingMessage.<anonymous> (/Users/matthias/Development/deselect-admin-back/node_modules/oauth/lib/oauth2.js:157:7)
    at IncomingMessage.emit (events.js:412:35)
    at IncomingMessage.emit (domain.js:475:12)
    at endReadableNT (internal/streams/readable.js:1333:12)
    at processTicksAndRejections (internal/process/task_queues.js:82:21)

Any ideas?


What’s returning the forbidden error? Is it attempting to validate a token or is a request to Okta failing?

I’m assuming it’s the token validation part that fails, as I can see the login attempt in the console and it’s marked as successful.

If local token validation is occurring, it’s likely because you are using the Org Authorization Server to mint tokens. More information about this limitation here: Signature Validation Failed on Access Token | Okta Help Center