Setting up a Custom OpenID Connect Identity Provider

jordangraft · October 31, 2022, 1:22am

In our Okta instance, we are attempting to add our application as an OpenID Connect Identity Provider. We have configured the Identity Provider in our Okta instance and updated our Okta Login screen to show the sign-in button for this custom provider.

The flow to our OAuth process works fine, and we are redirecting the user back to Okta. We can see from our logs that Okta is successfully making a request to our callback endpoint and getting a 200 response with an access token. The form of our response follows the OpenID specification and has a key for access_token and id_token.

However, we receive an error message upon redirecting to Okta, and the logs in Okta are showing the following error message.

andrea · October 31, 2022, 3:03pm

Do you have access to logs at the identity provider? Do you see any signs of a failure on that side? That message usually means something about the /token call failed such as Okta being provided incorrect auth OR the token not passing validation (such as ensuring the iss matches the Issuer configured for the IdP).

When in doubt, its a good idea to re-review the integration guide the configuration for the IdP to see if there are any typos.

Post		Replies	Views
Using my own identity provider, it fails to sign in but then tries to connect to user info and throws an invalid user info OAuth/OIDC idp	5	702	July 6, 2024
Userinfo response from the Identity Provider is invalid Questions	2	5172	August 21, 2020
Can Okta be an OpenID Connect Provider for my application? OAuth/OIDC	4	6081	June 29, 2017
FAILURE: Unable to retrieve an access token for the identity provider OAuth/OIDC	5	4045	February 15, 2024
Error Message: Identity Provider Not valid OAuth/OIDC	2	1924	February 13, 2024

Setting up a Custom OpenID Connect Identity Provider

Related topics