I’m trying to integrate Okta SSO with a Node + Express app. I’ve been able to configure the Sign-in widget successfully but once the redirect URI is hit, the response is 403. In the System Logs, it says the user logged in successfully and there are no error logs.
I’ve double-checked:
All Okta env config params like client ID, client secret, etc.
Redirect URIs match with the server-side redirect URI
Trusted Origins (added http://localhost:3000)
What could be next steps to debug the config? (I’m guessing that is the issue)
The Forbidden error isn’t coming from Okta, it’s coming from the app running on localhost:4000. In your first screenshot, I see the authorization code and state parameters in the URL, which implies that the user has successfully authenticated with Okta and Okta has redirected them to the redirect_uri in your /authorize request.
Ah I see, thank you - I will check this out.
From what I can tell, you’re right, it’s the express-session middleware, rather than the issues with the Okta Sign-In Widget.
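
An added example, not part of the thread or of Okta's code: a small diagnostic that shows how an app-side callback handler can answer 403 even though Okta sent a valid `code` and `state`, because the session that holds the expected `state` never reaches it. The thread does not say what was wrong with the session setup, so the handler logic, the store shape and the `/callback` path are assumptions.

```javascript
// Added sketch, not code from the thread. diagnoseCallback, the store shape and the
// /callback path are hypothetical; 'connect.sid' is express-session's default cookie name.
const SESSION_COOKIE = 'connect.sid';

// Parse a Cookie header into { name: value }. Values are kept raw (real
// express-session values are signed; that is left out here).
function parseCookies(header = '') {
  const out = {};
  for (const part of header.split(';')) {
    const i = part.indexOf('=');
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Report the status a state-checking callback handler would return, and why.
// `store` is a Map of session id -> { oidcState }, standing in for the session store.
function diagnoseCallback(req, store) {
  const params = new URL(req.url, 'http://localhost:4000').searchParams;
  const code = params.get('code');
  const state = params.get('state');
  if (!code || !state) return { status: 400, reason: 'missing code or state in query' };

  const sid = parseCookies(req.headers.cookie)[SESSION_COOKIE];
  if (!sid) return { status: 403, reason: 'no session cookie sent with callback' };

  const session = store.get(sid);
  if (!session) return { status: 403, reason: 'session id not found in store' };
  if (session.oidcState !== state) return { status: 403, reason: 'state does not match session' };

  delete session.oidcState; // state is single-use, so a replayed callback fails
  return { status: 200, reason: 'state verified' };
}

// Constructed sample requests (not taken from the thread).
const demoStore = new Map([['sid-1', { oidcState: 'st-123' }]]);
const demoRequests = [
  { url: '/callback?code=abc&state=st-123', headers: {} },
  { url: '/callback?code=abc&state=st-123', headers: { cookie: 'connect.sid=sid-9' } },
  { url: '/callback?code=abc&state=st-123', headers: { cookie: 'connect.sid=sid-1' } },
];
for (const req of demoRequests) {
  const { status, reason } = diagnoseCallback(req, demoStore);
  console.log(status, reason, '<-', req.headers.cookie || '(no cookie)');
}
```

Logging the reason next to the status on the callback route separates "cookie not sent" from "state mismatch", which look identical in the browser.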