OmniAuth/Devise for RoR app -- 404 Bad Request/The requested feature is not enabled in this environment

Trying to follow the tutorial in the blog for Devise and Omniauth, stuck trying to “Sign In With Oktaoauth”. Need a nudge, please.

We’re using a trial account. Configured an application that looks like this:

Set up the RoR controllers to match how the source for the tutorial looks. The config params are:

The app appears to be functional, and the default Devise login looks like this:

image

When the link at the bottom is clicked (Sign in with oktaoauth), things go poorly:

image

The url being accessed is:

https://vitacvps.okta.com/oauth2/default/v1/authorize?client_id=0oaqz35k9uiFEQmB6356&redirect_uri=http%3A%2F%2Fme%3A5000%2Fuser%2Fauth%2Foktaoauth%2Fcallback&response_type=code&scope=openid+profile+email&state=c707a0177be1d2b6aa9deed02ff949adb51e38a3a1817401

In reading other posts, it appears that whitelisting may be an issue. So I tried to follow the suggestions there:

image

Also, it appeared that removing “oauth2/default” from the ISSUER url helped some people, but it didn’t work for us.

Any insights would be appreciated.

Hi @llamapajama

The issue here is that API Access Management is not enabled on your Okta org. This paid feature gives you the possibility to create custom authorization servers, as mentioned here.

If you would like to use the free alternative, the best option would be to use the Okta authorization server, which has the issuer http://vitacvps.okta.com and the configuration file available at https://vitacvps.okta.com/.well-known/openid-configuration.

Saying this, the URL for authorization would look like

https://vitacvps.okta.com/oauth2/v1/authorize?client_id=0oaqz35k9uiFEQmB6356&redirect_uri=http%3A%2F%2Fme%3A5000%2Fuser%2Fauth%2Foktaoauth%2Fcallback&response_type=code&scope=openid+profile+email&state=c707a0177be1d2b6aa9deed02ff949adb51e38a3a1817401

From what I can see, an error occurs on this link, mentioning that the redirect_uri is not whitelisted. In the URL, you have redirect_uri set to

http://me:5000/user/auth/oktaoauth/callback

while in the openid application you have it set to

http://me:5000/users/auth/oktaoauth/callback/

Would it be possible to match the URLs and try again?
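
The two checks from the answer above, as an added Ruby example that is not code from the thread, from Okta or from the OmniAuth strategy: which authorization server the authorize URL targets, and whether the requested redirect_uri matches the registered one. The function and constant names are hypothetical, the URLs are the ones quoted in this thread, and the comparison assumes redirect URIs are matched as exact strings.

```ruby
require "uri"

# Values quoted in the thread (authorize request and the URI set on the app).
THREAD_URL = "https://vitacvps.okta.com/oauth2/default/v1/authorize?client_id=0oaqz35k9uiFEQmB6356&redirect_uri=http%3A%2F%2Fme%3A5000%2Fuser%2Fauth%2Foktaoauth%2Fcallback&response_type=code&scope=openid+profile+email&state=c707a0177be1d2b6aa9deed02ff949adb51e38a3a1817401"
REGISTERED = "http://me:5000/users/auth/oktaoauth/callback/"

# Classify which authorization server an authorize URL targets.
def authorization_server(authorize_url)
  path = URI.parse(authorize_url).path
  if (m = path.match(%r{\A/oauth2/([^/]+)/v1/authorize\z}))
    { kind: :custom, id: m[1] } # custom server: needs API Access Management
  elsif path == "/oauth2/v1/authorize"
    { kind: :org, id: nil }     # org authorization server
  else
    { kind: :unknown, id: nil }
  end
end

# Pull the percent-decoded redirect_uri out of the authorize request.
def requested_redirect_uri(authorize_url)
  query = URI.parse(authorize_url).query.to_s
  URI.decode_www_form(query).to_h["redirect_uri"]
end

# Exact-match check (assumption) with hints that explain a near miss.
def redirect_uri_report(requested, registered)
  return { match: true, hints: [] } if registered.include?(requested)
  req = URI.parse(requested)
  hints = registered.flat_map do |candidate|
    reg = URI.parse(candidate)
    found = []
    unless [req.scheme, req.host, req.port] == [reg.scheme, reg.host, reg.port]
      found << "scheme/host/port differs from #{candidate}"
    end
    if req.path.chomp("/") == reg.path.chomp("/")
      found << "trailing slash differs from #{candidate}" if req.path != reg.path
    else
      found << "path #{req.path} differs from #{reg.path}"
    end
    found
  end
  { match: false, hints: hints }
end

puts authorization_server(THREAD_URL).inspect
puts redirect_uri_report(requested_redirect_uri(THREAD_URL), [REGISTERED]).inspect
```

Running the same report against the callback URL your Rails routes actually generate, before registering it in the application settings, catches both the missing "s" and the trailing slash.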

Thank you very much for the response. It’s very clear and straightforward.

I just hung up with your support team. Just in case anybody follows this same path, the problem was exactly the one you mention above: I had the wrong type of evaluation account. I had a workforce automation trial, and wanted a developer trial. The developer trial can be had here.

Also, thanks for pointing out my “s” in the url. I did so many tests and re-tests that I’m sure I got sloppy someplace along the line. Thanks again.