Okta SSO - OIDC (Express/Node) - 403 Error

saswatmishra8 · March 13, 2023, 11:40am

Hi,

I’m trying to integrate Okta SSO with a Node + Express app. I’ve been able to configure the Sign-in widget successfully but once the redirect uri is hit, the response is 403. In the System Logs, its says user logged in successfully and there are no error logs.

I’ve double-checked:
All okta env config params like client id, client secret, etc.
Redirect URIs match with the server side redirect uri
Trusted Origins (added http://localhost:3000)

What could be next steps to debug the config? (I’m guessing that is the issue)

I’m guessing it’s a very similar issue to:
https://support.okta.com/help/s/question/0D54z00008jVkhdCAC/oidc-getting-403-access-forbidden-after-getting-redirected-from-authorize?language=en_US

But I’m not able to find a similar question on the forum so far. Would appreciate any help, thank you!

warren · March 14, 2023, 4:12pm

The Forbidden error isn’t coming from Okta, it’s coming from the app running on localhost:4000. In your first screenshot, I see the authorization code and state parameters in the url which implies that the user has successfully authenticated with Okta and Okta has redirected them to the redirect_uri in your /authorize request.

You might want to try one of the sample apps from GitHub - okta/samples-nodejs-express-4: Express 4 samples. Will publish an artifact that can be consumed by end-to-end sample repos

saswatmishra8 · March 14, 2023, 9:32pm

Ah I see, thank you - I will check this out.
From what I can tell, you’re right, it’s the express-session middleware, rather than the issues with the okta sign in widget.

system · March 15, 2023, 9:33pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.