This is my first project with both passport and Okta in a Node.js app. I can get the Okta login page, successfully log in to Okta, and get redirected to the callback URL with a code. This works perfectly.
However, I am having a problem getting the user profile. The call to passport.authenticate in the callback hangs. There are no errors reported or in the log.
I have looked at multiple examples and tried many variations, but I do not see what I am doing wrong. Any idea?
Hello,
Are you able to verify if the /token call is happening?
If successful, you should see a log entry in the Okta System.log. If there is an error in the call, it may or may not show up in the log, depending.
If you check the system.log and see no entry either positive/negative, just to test you might try changing the tokenURL in your configuration to a local route capable of handling a POST request and verify that the /token call is even happening.
Thanks for your response. I don’t have admin access to Okta, but I can verify that it does log me into Okta and returns a code to the callback without a system error. The problem seems to be returning the profile. Is there a way to verify if it is, or is not, a CORS problem?
There should be no CORS request for the flow you described. When the code is returned, I assume your browser is being 302 back to your Node server, correct? This is not a CORS call, but a user-agent redirect.
Once the Node process receives the code it should make a call to the /token endpoint to retrieve your tokens. This happens from the Node server, so not a CORS call either.
GET /login? 302 7.681 ms - 0
GET /authorization-code/callback?code=ZKhUsbdNUNfKY0GWqpMzhNCYHrVnon41VjKmN1sWDwU&state=TzQJUv8AY%2BozCsQXYN4PDcHx 302 619.745 ms - 60
GET /profile 304 264.399 ms - -
The debugger didn’t work because the app is in production and set up in nginx. However, I took a snapshot of the developer tools window; I hope it can help. It gets to the callback?code with a status of “pending” then eventually times out. The full value of the “initiator” field is:
I don’t have administrator access to Okta to check the system log. Is it possible that I don’t have privilege to read the profile? Could it have something to do with the cookie? I set it up as follows:
If you can provide the URL of your Okta Org I can check the logs.
My assumption, assuming you did not make any modifications to the sample, is that after your browser redirects back to Node with the code value, your Node process is failing on the /token call. Most likely timing out. I suggest verifying network connectivity to your Okta Org from the process/system where nginx is running.
Another possibility is nginx is not configured correctly to route to your application for /authorization-code/callback.
We have very strict security on our servers and they are open only to specific URLs. It is possible that this server is not open to the /token endpoint. I will check with the systems person.
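
Added example, not part of the original thread or of Okta's sample code: a Node.js probe that, run on the server hosting the app, tells a /token call that is blocked or timing out apart from one that reaches the endpoint. The function name and the URL passed to it are assumptions; use the tokenURL from your own passport configuration.

```javascript
// Probe a token URL from the machine that runs the Node app (added example).
// Any HTTP status, even 400 or 401, proves the outbound path is open.
// A timeout or socket error points at egress filtering, DNS or a proxy,
// which is what makes passport.authenticate() hang in the callback.
async function probeTokenEndpoint(tokenURL, timeoutMs = 5000) {
  const url = new URL(tokenURL);
  const mod = url.protocol === 'https:' ? 'node:https' : 'node:http';
  const { request } = await import(mod);
  return new Promise((resolve) => {
    const req = request(url, {
      method: 'POST',
      agent: false, // one-shot connection, closed after the response
      timeout: timeoutMs, // covers connect and idle time on the socket
      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    }, (res) => {
      res.resume(); // discard the body; only the status matters here
      resolve({ reachable: true, status: res.statusCode });
    });
    // 'timeout' only signals; destroying the request surfaces it as 'error'.
    req.on('timeout', () => {
      req.destroy(Object.assign(new Error('timed out'), { code: 'ETIMEDOUT' }));
    });
    req.on('error', (err) => {
      resolve({ reachable: false, reason: err.code || err.message });
    });
    // Deliberately invalid grant: the point is the network path, not a token.
    req.end('grant_type=authorization_code&code=probe');
  });
}

// Usage on the server (URL is a placeholder for your configured tokenURL):
//   probeTokenEndpoint(process.env.TOKEN_URL).then(console.log);
```

A result of `{ reachable: false, reason: 'ETIMEDOUT' }` from the production host, with a reachable result from a workstation, indicates the server's outbound rules do not allow the token endpoint.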