Okta redirect over https

sandrews · November 18, 2020, 11:55am

I have an ASP.NET Core app running in a container over http with a load balancer/reverse proxy sitting in front of it configured to run over https. Everything is running within a VPC in AWS. The issue I have is that the redirect from Okta after authentication is over http not https: i.e.,

https://.okta.com/oauth2/default/v1/authorize?client_id=XXXXX&redirect_uri=http://

even though the original request was from https://

Not sure where the issue is here. Is it an Okta setting I missed, is it the load balancer or within the app although everything works fine over https with a self signed certificate when I run the app locally on my dev machine. Any help much appreciated.

andreaskouras · November 18, 2020, 7:27pm

Is the redirect URI you’ve set in your app config set as http:// or https://?

andreaskouras · November 18, 2020, 7:38pm

Also, regarding having a reverse proxy in front of a .NET app, you may want to check out this blog post.

sandrews · November 19, 2020, 10:24am

It works over https when I run it locally on my machine and authenticates against my Okta https endpoint perfectly. It’s an ASP.NET Core app…In the appsettings.json I’m using:

“Okta”: {
“OktaDomain”: “https://XXXX.okta.com/”,
“ClientId”: “XXXXX”,
“ClientSecret”: “XXXX”
}

In startup.cs I’m using:

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseSession();
app.UseEndpoints(endpoints =>
{
endpoints.MapHealthChecks("/healthcheck");
endpoints.MapControllers();
endpoints.MapRazorPages();
});
}