Setting up a Custom OpenID Connect Identity Provider

In our Okta instance, we are attempting to add our application as an OpenID Connect Identity Provider. We have configured the Identity Provider in our Okta instance and updated our Okta Login screen to show the sign-in button for this custom provider.

The flow to our OAuth process works fine, and we are redirecting the user back to Okta. We can see from our logs that Okta is successfully making a request to our callback endpoint and getting a 200 response with an access token. The form of our response follows the OpenID specification and has keys for access_token and id_token.

However, we receive an error message upon redirecting to Okta, and the logs in Okta are showing the following error message.

Do you have access to logs at the identity provider? Do you see any signs of a failure on that side? That message usually means something about the /token call failed such as Okta being provided incorrect auth OR the token not passing validation (such as ensuring the iss matches the Issuer configured for the IdP).

When in doubt, it's a good idea to re-review the integration guide and the configuration for the IdP to see if there are any typos.

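To make the reply's two suspects concrete, here is an added example (not Okta's code and not the original poster's IdP) that emulates what a relying party does with a custom provider's /token response: it checks the required keys, verifies the id_token signature, and compares the iss claim byte-for-byte against the configured Issuer. The issuer, client id, client secret and claims are constructed; the token is HS256-signed with the client secret (a mode OIDC Core permits), whereas an RS256 provider would be verified against its JWKS, which this offline example does not fetch.

```python
"""Emulate the checks a relying party (for example Okta's IdP integration) runs
on the body returned by a custom OpenID Connect provider's /token endpoint.

Constructed example: every identifier below is made up for illustration.
"""
import base64
import hashlib
import hmac
import json
import time

CONFIGURED_ISSUER = "https://idp.example.com"  # assumed: the Issuer typed into the IdP config
CLIENT_ID = "okta-client-123"                  # assumed: client id the relying party uses
CLIENT_SECRET = "constructed-shared-secret"    # assumed: secret that signs HS256 id_tokens
NOW = 1_700_000_000                            # fixed clock so the example is deterministic


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_id_token(claims: dict, secret: str) -> str:
    """Build an HS256-signed JWT the way the custom IdP would (constructed)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(claims).encode())
    sig = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def build_token_response(iss=CONFIGURED_ISSUER, *, secret=CLIENT_SECRET, aud=CLIENT_ID, now=NOW) -> dict:
    """Constructed /token response body, parameterised so common typos can be reproduced."""
    claims = {"iss": iss, "sub": "user-42", "aud": aud, "iat": now, "exp": now + 300, "nonce": "n-0S6_WzA2Mj"}
    return {"access_token": "opaque-access-token", "token_type": "Bearer", "expires_in": 300,
            "id_token": make_id_token(claims, secret)}


def validate_token_response(body: dict, expected_issuer: str, client_id: str, client_secret: str, now=None) -> list:
    """Return a list of problems; an empty list means the response would be accepted."""
    now = int(time.time()) if now is None else now
    problems = []
    # RFC 6749 section 5.1 requires access_token and token_type; OIDC Core 3.1.3.3 adds id_token.
    for key in ("access_token", "token_type", "id_token"):
        if key not in body:
            problems.append(f"missing {key}")
    if "id_token" not in body:
        return problems
    parts = body["id_token"].split(".")
    if len(parts) != 3:
        return problems + ["id_token is not a three-part JWS"]
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(payload_b64))
    except ValueError:  # binascii.Error and JSONDecodeError are both ValueError subclasses
        return problems + ["id_token header or payload is not valid base64url JSON"]
    if header.get("alg") != "HS256":
        return problems + [f"unsupported alg {header.get('alg')!r} (this example only verifies HS256)"]
    expected_sig = hmac.new(client_secret.encode(), f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(sig_b64)):
        problems.append("id_token signature does not verify with the client secret")
    # OIDC Core 3.1.3.7: iss must exactly equal the configured Issuer, so a stray trailing slash fails.
    if claims.get("iss") != expected_issuer:
        problems.append(f"iss mismatch: token has {claims.get('iss')!r}, IdP configured with {expected_issuer!r}")
    aud = claims.get("aud")
    aud_list = aud if isinstance(aud, list) else [aud]
    if client_id not in aud_list:
        problems.append(f"aud {aud!r} does not contain client_id {client_id!r}")
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        problems.append("id_token is expired or has no exp")
    return problems


if __name__ == "__main__":
    # A single trailing slash in the iss claim is enough to be rejected.
    for label, body in (("good", build_token_response()),
                        ("trailing slash", build_token_response(iss="https://idp.example.com/")),
                        ("wrong secret", build_token_response(secret="not-the-configured-secret"))):
        print(label, validate_token_response(body, CONFIGURED_ISSUER, CLIENT_ID, CLIENT_SECRET, now=NOW))
```

The useful habit here is that every rejection names the mismatch, so it can be compared with what the IdP logged for the same request: a 200 from /token with both keys present tells you nothing about whether the iss, aud, exp or signature inside the id_token matched what the relying party was configured to expect.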