End Goal: After a customer adds my OIDC app from the catalog, they should be able to edit or add the redirect URI. Many vendors, such as Zscaler, implement this functionality. I need guidance on how to achieve this, as the OIN wizard is requiring me to specify a redirect URI in advance.
My use case is similar, and I want to give customers the flexibility to provide the redirect URI.
You should have a callback redirect defined for your SaaS application, for example https://bestapp.dev/login
To scale out for your customers (tenants), this is where you can use OIDC integration variables and Expression Language.
If you use subdomains for each of your tenants, their redirect URL might look like: https://customer1.bestapp.dev/login
So you’ll need to add the subdomain as an integration variable. For more customizability check out this doc that walks you through specific options and setup:
Keep scrolling down to see the parts about OIDC properties and dynamic properties using Okta Expression Language.
Let us know if this doesn’t answer your question.
@alisaduncan Thank you for your response, but I think my question might have been misunderstood. My goal is to allow customers to add the redirect URI after they add my OIDC app from the catalog. I don’t want to predefine the redirect URI in advance while submitting in OIN.
While customers will get the URI from our service provider, I want to provide them with the flexibility to copy and paste the relevant redirect URI, similar to how some other vendors, like Zscaler, have implemented this functionality in the OIN.
ref:
I’ve already gone through the Okta documentation, but I couldn’t find a solution that fits my requirements. The OIN wizard also doesn’t allow the redirect URL field to be left empty, which is problematic since our use case is dynamic.
Could you please provide guidance on how to achieve this?
You’ll have to use an integration variable. As you stated, you can’t leave the redirect URI field blank, but it can be very dynamic using a variable.
I verified with the OIN submission team that the HTTPS protocol is required, but the rest of the URI can be dynamic. Here’s an example of how you can accomplish this in the OIN Wizard.