I was able to get the redirect URI and sign-in working when hosting my web app locally (on localhost:8000), but when I move it to cloud hosting, the redirect URI no longer works after updating everything. I am using the django-okta-auth repository to allow me to use Okta with Django, outlined here: GitHub - AzMoo/django-okta-auth: Django Okta Auth is a library that acts as a client for the Okta OpenID Connect provider.
Old redirect URI from my Okta dev app settings:
http://localhost:8000/authorization-code/callback
http://localhost:8000/accounts/oauth2/callback
http://localhost:8000/accounts/callback
Old redirect URI from my settings.py file:
http://localhost:8000/accounts/oauth2/callback
New redirect URI from my Okta dev app settings:
https://www.my-site.com/authorization-code/callback
https://www.my-site.com/accounts/oauth2/callback
https://www.my-site.com/accounts/callback
New redirect URI from my settings.py file:
https://www.my-site.com/accounts/oauth2/callback
My URL pattern to login:
```python
path('accounts/', include(("okta_oauth2.urls", "okta_oauth2"), namespace="okta_oauth2")),
```
And the file containing the views for logging in and out of okta:
```python
import logging

from django.contrib import messages
from django.contrib.auth import authenticate, login as auth_login, logout as auth_logout
from django.contrib.messages.api import MessageFailure
from django.http import (
    HttpResponseBadRequest,
    HttpResponseRedirect,
    HttpResponseServerError,
)
from django.shortcuts import redirect, render
from django.urls import reverse
from django.urls.exceptions import NoReverseMatch

from .conf import Config

logger = logging.getLogger(__name__)


def login(request):
    config = Config()

    okta_config = {
        "clientId": config.client_id,
        "url": config.org_url,
        "redirectUri": str(config.redirect_uri),
        "scope": config.scopes,
        "issuer": config.issuer,
    }

    response = render(request, "okta_oauth2/login.html", {"config": okta_config})

    _delete_cookies(response)

    return response


def callback(request):
    config = Config()

    if request.method == "POST":
        return HttpResponseBadRequest("Method not supported")

    if "error" in request.GET:
        error_description = request.GET.get(
            "error_description", "An unknown error occurred."
        )

        try:
            messages.error(request, error_description)
        except MessageFailure:
            return HttpResponseServerError(error_description)

        return HttpResponseRedirect(reverse("okta_oauth2:login"))

    code = request.GET["code"]
    state = request.GET["state"]

    # Get state and nonce from cookie
    cookie_state = request.COOKIES["okta-oauth-state"]
    cookie_nonce = request.COOKIES["okta-oauth-nonce"]

    # Verify state
    if state != cookie_state:
        return HttpResponseBadRequest(
            "Value {} does not match the assigned state".format(state)
        )

    user = authenticate(request, auth_code=code, nonce=cookie_nonce)

    if user is None:
        return redirect(reverse("okta_oauth2:login"))

    auth_login(request, user)

    try:
        redirect_url = reverse(config.login_redirect_url)
    except NoReverseMatch:
        redirect_url = config.login_redirect_url

    return redirect(redirect_url)


def logout(request):
    auth_logout(request)
    return HttpResponseRedirect(reverse("okta_oauth2:login"))


def _delete_cookies(response):
    # The Okta Signin Widget/Javascript SDK aka "Auth-JS" automatically generates
    # state and nonce and stores them in cookies. Delete authJS/widget cookies
    response.delete_cookie("okta-oauth-state")
    response.delete_cookie("okta-oauth-nonce")
    response.delete_cookie("okta-oauth-redirect-params")
```
To add more information, I am hosting this web page on PythonAnywhere and have a domain name that I own that is forwarded to my PythonAnywhere CNAME. The “my-site” that I am using in the redirect URI is coming from my domain name, not my PythonAnywhere CNAME.
Any help would be greatly appreciated!
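
An added example, not part of the original post and not django-okta-auth code: a small check of what typically changes between localhost and a hosted domain, namely the exact-string match of the configured redirect URI against the registered ones, and whether the login page and the callback share a host so that the state and nonce cookies read by `callback()` are sent back. The function name `diagnose`, the login page URLs used with it, and the assumption that the cookies are host-only (no `Domain` attribute) are hypothetical.

```python
from urllib.parse import urlsplit

# Registered redirect URIs as quoted in the post.
REGISTERED = [
    "https://www.my-site.com/authorization-code/callback",
    "https://www.my-site.com/accounts/oauth2/callback",
    "https://www.my-site.com/accounts/callback",
]


def _parts(uri):
    u = urlsplit(uri)
    return {"scheme": u.scheme, "host": (u.hostname or "").lower(),
            "port": u.port, "path": u.path}


def diagnose(configured, registered, login_page_url):
    """Return findings as strings; an empty list means everything lines up."""
    findings = []
    cfg = _parts(configured)

    def diff(reg):
        r = _parts(reg)
        return [k for k in cfg if cfg[k] != r[k]]

    # redirect_uri is compared to the registered values as an exact string,
    # so report the nearest registered entry and the fields that differ.
    if configured not in registered:
        nearest = min(registered, default=None, key=lambda reg: (
            len(diff(reg)),
            _parts(reg)["path"].rstrip("/") != cfg["path"].rstrip("/")))
        if nearest is None:
            findings.append("no redirect URIs are registered")
        else:
            findings.append("not registered; nearest is %s, differs in: %s" % (
                nearest, ", ".join(diff(nearest)) or "exact string"))

    # callback() reads okta-oauth-state and okta-oauth-nonce from
    # request.COOKIES. Assumption: they are host-only cookies, so the
    # login page and the callback must be served from the same host.
    login = _parts(login_page_url)
    if login["host"] != cfg["host"]:
        findings.append("login host %s != callback host %s: state and nonce "
                        "cookies will not reach callback()"
                        % (login["host"], cfg["host"]))
    if cfg["scheme"] != "https" and cfg["host"] not in ("localhost", "127.0.0.1"):
        findings.append("callback is not https on a public host")
    return findings
```

Pass the value from settings.py as `configured` and the URL shown in the browser's address bar on the login page as `login_page_url`; a forwarded domain that lands the browser on a different host name shows up as the cookie finding.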