Okta SignIn Widget either not enabled or giving CORS

Trying to set up the Okta SignIn Widget in JavaScript to authenticate before redirecting to our GWT application. I get the widget, but only get errors, no login.

With this setup I get CORS errors when loading the page,

var oktaState;
const oktaSignIn = new OktaSignIn({
    baseUrl: "https://customDomain/",
    redirectUri: '/backtoapplication',
    clientId: "0oa2jlaqp1NhdJQiF1d7",
    scopes: ['openid', 'profile'],
    authParams: {
        issuer: "https://customDomain/oauth2/AppID/",
        responseType: ['token', 'id_token'],
        display: 'page',
        clientId: "clientID"
    },
    useInteractionCodeFlow: true,
    flow: 'login',
    state: JSON.stringify(oktaState)

});

With these errors in developer tools on Chrome:

Failed to load resource: the server responded with a status of 400 (Bad Request)
login:61 Object
    error: "access_denied"
    error_description: "The requested feature is not enabled in this environment."
    [[Prototype]]: Object

For the CORS error I use this setup

var oktaState;
const oktaSignIn = new OktaSignIn({
    baseUrl: "https://customDomain/",
    redirectUri: 'backtoApplication',
    clientId: "ClientID",
    scopes: ['openid', 'profile'],
    authParams: {
        issuer: "https://customDomain/oauth2/appID/v1/authorize",
        responseType: ['token', 'id_token'],
        display: 'page'
    },
    useInteractionCodeFlow: true,
    flow: 'login',
    state: oktaState
});

And I get the CORS errors in my developer tools. I am trying to get this running locally so I can get the app upgraded to Okta before moving to user testing. Any help is appreciated. Thank you.

Your issuer URI is wrong. It should either be just your Okta domain, so that you use the Org Authorization Server, e.g. https://customDomain, OR the Issuer URI for one of your Custom Authorization Servers, e.g. https://customDomain/oauth2/default OR https://customDomain/oauth2/${authorizationServerId}

If you do not have the ability to use Custom Authorization Servers (such as the one called Default that I mentioned), your org lacks the API Access Management feature and you will ONLY be able to use the Org Authorization Server. Trying to use a nonexistent custom AS can lead to the error you are seeing, so my bet is that's all you need to change.

Ok, for one run I did the baseURL and the issuer as the same URL of just https://customDomain

That got me to "Requested feature is not enabled", which is the same as oauth2/appID.

Tried with oauth2/default and also got the same error that the feature is not enabled. Is there a configuration missing on the Okta server?

Seems the endpoint it is trying to connect to that is not enabled is https://customDomain/oauth2/appID/v1/interact. What needs to be done to activate this, or should I use a different version of the widget? Currently using 6.2.0.

If the org you are using is not yet on the Okta Identity Engine, can you disable useInteractionCodeFlow and retry? This flow will only work in OIE orgs and it uses that /interact endpoint.

Ok, that might be the problem there. I am able to get to my login screen now, just need to get it to redirect back after a successful login.
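
A pre-flight check for the two misconfigurations diagnosed in this thread (an issuer that is not an authorization server URI, and useInteractionCodeFlow on an org that is not on OIE), as an added example that is not part of the original posts or of Okta's SDK. The function name lintWidgetConfig, the orgIsOIE flag and the finding codes are hypothetical; the sample configs reuse the placeholder values posted above.

```javascript
// Added example: hypothetical lint for a Sign-In Widget config (not an Okta API).
// It checks only the two problems diagnosed in the thread and cannot tell
// whether a custom authorization server actually exists in the org.
function lintWidgetConfig(config, { orgIsOIE }) {
  const findings = [];
  const auth = config.authParams || {};
  let base = null;
  let issuer = null;
  try { base = new URL(config.baseUrl); } catch { findings.push('baseUrl-not-absolute'); }
  try { issuer = new URL(auth.issuer); } catch { findings.push('issuer-not-absolute'); }

  if (issuer) {
    // Accepted forms from the answer: https://domain (Org Authorization Server)
    // or https://domain/oauth2/<authorizationServerId> (Custom Authorization Server).
    const path = issuer.pathname.replace(/\/+$/, '');
    if (path !== '' && !/^\/oauth2\/[^/]+$/.test(path)) {
      findings.push('issuer-has-endpoint-path'); // e.g. a trailing /v1/authorize
    }
    // Assumption of this example: the issuer is served from the baseUrl origin.
    if (base && issuer.origin !== base.origin) {
      findings.push('issuer-origin-differs-from-baseUrl');
    }
  }
  // The interaction code flow calls /interact, which only works in OIE orgs.
  if (config.useInteractionCodeFlow && !orgIsOIE) {
    findings.push('interaction-code-flow-on-non-OIE-org');
  }
  return findings;
}

// Constructed inputs, reusing the placeholder values from the posts above.
const asPosted = {
  baseUrl: 'https://customDomain/',
  authParams: { issuer: 'https://customDomain/oauth2/appID/v1/authorize' },
  useInteractionCodeFlow: true,
};
const corrected = {
  baseUrl: 'https://customDomain/',
  authParams: { issuer: 'https://customDomain/oauth2/default' },
  useInteractionCodeFlow: false,
};

console.log(lintWidgetConfig(asPosted, { orgIsOIE: false }));
console.log(lintWidgetConfig(corrected, { orgIsOIE: false }));
```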
