Okta RedirectUri failing during callback in .net 8 MVC application

Questions OAuth/OIDC
1

I am working on a .Net 8 core MVC application, where we are implementing Okta authentication. Post successful okta authentication the control comes back to the ‘challenge’ method when I don’t use a redirectUri, as expected.
But when I need Okta to post back to a different controller method post authentication, I am getting the below error.

image
image1794×784 82.8 KB

The DevTools shows that the POST callback is invoked

image
image1300×252 18.6 KB

The ‘state’ and ‘code’ payload are available in the request

image
image1390×245 20.7 KB

Then there is immediately a invocation to GET method on the callback resulting in the failure

image
image1270×254 18.3 KB

So, basically below line runs fine without issues

if (!this.HttpContext.User.Identity.IsAuthenticated)
{
return Challenge(OpenIdConnectAuthenticationDefaults.AuthenticationType);

No Failure

image
image1454×214 19.1 KB

But this line fails…
return Challenge(new AuthenticationProperties { RedirectUri=ConfigUtils.GetConfigValue(“Okta:RedirectUri”)}, OpenIdConnectAuthenticationDefaults.AuthenticationType);

Any insight into this will be very helpful.
Thanks

2

I am the original author of the post and since I am unable to edit the post after 4 modifications, as requested by Okta services teams, I am adding the repro steps with code snippets

Program.cs (okta configuration)


builder.Services.ConfigureApplicationCookie(options =>
{
options.Cookie.HttpOnly = true;
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
})
.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie()
.AddOktaMvc(new OktaMvcOptions
{
OktaDomain = builder.Configuration.GetValue(“Okta:OktaDomain”),
AuthorizationServerId = builder.Configuration.GetValue(“Okta:AuthorizationServerId”),
ClientId = builder.Configuration.GetValue(“Okta:ClientId”),
ClientSecret = builder.Configuration.GetValue(“Okta:ClientSecret”),
CallbackPath = “/Authentication/Callback”,
Scope = [“openid”, “profile”, “offline_access”]
});

LoginController.cs (where challenge is invoked for okta authentication)

// GET: Login
public virtual ActionResult Index()
{
if (!this.HttpContext.User.Identity.IsAuthenticated)
{
return Challenge(OktaDefaults.MvcAuthenticationScheme);
//return Challenge(new AuthenticationProperties { RedirectUri=ConfigUtils.GetConfigValue(“Okta:RedirectUri”)}, OktaDefaults.MvcAuthenticationScheme);
}

3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.