Redirect URI for cloud hosted web app

I was able to get the redirect URI and sign in working when hosting my web app locally (on localhost:8000) but when I move it to cloud hosting, the redirect URI no longer works after updating everything. I am using the django-okta-auth repository to allow me to use Okta with Django, outlined here: GitHub - AzMoo/django-okta-auth: Django Okta Auth is a library that acts as a client for the Okta OpenID Connect provider.

Old redirect URI from my okta dev app settings:

http://localhost:8000/authorization-code/callback
http://localhost:8000/accounts/oauth2/callback
http://localhost:8000/accounts/callback

Old redirect URI from my settings.py file:

http://localhost:8000/accounts/oauth2/callback

New redirect URI from my okta dev app settings:

https://www.my-site.com/authorization-code/callback
https://www.my-site.com/accounts/oauth2/callback
https://www.my-site.com/accounts/callback

New redirect URI from my settings.py file:

https://www.my-site.com/accounts/oauth2/callback

My URL pattern to login:
path("accounts/", include(("okta_oauth2.urls", "okta_oauth2"), namespace="okta_oauth2")),

And the file containing the views for logging in and out of okta:

import logging

from django.contrib import messages
from django.contrib.auth import authenticate, login as auth_login, logout as auth_logout
from django.contrib.messages.api import MessageFailure
from django.http import (
    HttpResponseBadRequest,
    HttpResponseRedirect,
    HttpResponseServerError,
)
from django.shortcuts import redirect, render
from django.urls import reverse
from django.urls.exceptions import NoReverseMatch

from .conf import Config

logger = logging.getLogger(__name__)


def login(request):
    config = Config()

    okta_config = {
        "clientId": config.client_id,
        "url": config.org_url,
        "redirectUri": str(config.redirect_uri),
        "scope": config.scopes,
        "issuer": config.issuer,
    }
    response = render(request, "okta_oauth2/login.html", {"config": okta_config})

    _delete_cookies(response)

    return response


def callback(request):
    config = Config()

    if request.method == "POST":
        return HttpResponseBadRequest("Method not supported")

    if "error" in request.GET:
        error_description = request.GET.get(
            "error_description", "An unknown error occurred."
        )
        try:
            messages.error(request, error_description)
        except MessageFailure:
            return HttpResponseServerError(error_description)
        return HttpResponseRedirect(reverse("okta_oauth2:login"))

    # The authorization code and state are required; a request without them
    # (e.g. someone opening the callback URL directly) is a bad request, not a
    # server error.
    code = request.GET.get("code")
    state = request.GET.get("state")
    if code is None or state is None:
        return HttpResponseBadRequest("Missing code or state parameter")

    # Get state and nonce from the cookies set by the Okta sign-in widget
    cookie_state = request.COOKIES.get("okta-oauth-state")
    cookie_nonce = request.COOKIES.get("okta-oauth-nonce")
    if cookie_state is None or cookie_nonce is None:
        return HttpResponseBadRequest("Missing state or nonce cookie")

    # Verify state: the value returned by Okta must equal the one we issued,
    # otherwise the callback may be a forged or replayed request
    if state != cookie_state:
        return HttpResponseBadRequest(
            "Value {} does not match the assigned state".format(state)
        )

    user = authenticate(request, auth_code=code, nonce=cookie_nonce)

    if user is None:
        return redirect(reverse("okta_oauth2:login"))

    auth_login(request, user)

    try:
        redirect_url = reverse(config.login_redirect_url)
    except NoReverseMatch:
        redirect_url = config.login_redirect_url

    return redirect(redirect_url)


def logout(request):
    auth_logout(request)
    return HttpResponseRedirect(reverse("okta_oauth2:login"))


def _delete_cookies(response):
    # The Okta Signin Widget/Javascript SDK aka "Auth-JS" automatically generates
    # state and nonce and stores them in cookies. Delete authJS/widget cookies
    response.delete_cookie("okta-oauth-state")
    response.delete_cookie("okta-oauth-nonce")
    response.delete_cookie("okta-oauth-redirect-params")

To add more information, I am hosting this web page on PythonAnywhere and have a domain name that I own that is forwarded to my PythonAnywhere CNAME. The “my-site” that I am using in the redirect URI is coming from my domain name, not my PythonAnywhere CNAME.

Any help would be greatly appreciated!

Check Okta Application Settings: In your Okta developer console, ensure that the redirect URIs are correctly set up for your application. The URIs should match exactly with what you have in your Django settings.py file. For example, for the URLs above they should be as below.

  • https://www.my-site.com/authorization-code/callback
  • https://www.my-site.com/accounts/oauth2/callback
  • https://www.my-site.com/accounts/callback

Please read this for more info on this - Okta Help Center (Lightning)

I also suspect there might be a config mismatch in your Django config.

In your Django settings.py file, ensure that the config.redirect_uri key in your dictionary is correctly configured with the new redirect URI. This configuration should match the redirect URIs you’ve set in your Okta application settings.

Check for HTTPS vs HTTP: Since you’re using HTTPS in your redirect URIs, ensure that your PythonAnywhere web app is configured to serve content over HTTPS. If there is a mismatch of even a single character, this error will be thrown.
