Setup confusion - .NET Core web app works locally but doesn't work from AWS

I am new to web development in general so I’m certain I’m just doing something silly.

I have set up a Net Core 2.0 Mvc web page which is being hosted on AWS. It is essentially a shell at the moment and doesn’t actually do anything at all. It’s just a test harness for me to build on and learn from.

I have it set up with my Okta account to handle user authentication/authorization. If I run locally in my visual studio environment everything works just fine. I can login and log out and end up right where I am supposed to be on the site.

When I try to access the site on AWS through my domain, I get a 400 ‘Bad Request’ error with the added information of:

Identity Provider: Unknown
Error Code: invalid_request
Description: The ‘redirect_uri’ parameter must be an absolute URI that is whitelisted in the client app settings.

I assume that since I can actually get to the website by itself, one of two things is happening.

Either the settings I have in Okta are incorrect, OR perhaps the port assignments in AWS’s security group are not correct.

My Okta application settings are:

Login Redirect URIs:

Login initiated by: App Only

Initiate login URI [[removed because new users can’t post so many links]]

Under Trusted Origins
name: my_domain_name_net
origin url: [[removed because new users can’t post so many links]]

CORS and REDIRECT are both checked.

On AWS my security profile has inbound rules for port 80 and port 51400, so both ports should be open.

As far as the settings above, I assumed that localhost did not mean the EC2 instance but rather my local computer. So that is why I added the URIs. Should I take those out? Maybe change them to port 80?

Any idea what’s going on?

I’ve been battling this for over 24 hours now, and it just started working.

So… what I did was this. I deleted the ‘application’ in Okta and created a fresh application profile with the stock URIs in it.

To start with, the URIs all say localhost… So I modified those with the port that my Visual Studio is using to spawn IIS…

When that worked locally… I added another Login redirect and Logout redirect URI with the exact same path as the original.

Then I changed the localhost:<> to my domain name… WITHOUT the port number.

And it worked.

With the port number it gives me the error mentioned above. Without it… it works as intended.

What I don’t get though is that I opened up the port I’m using on the AWS instance… so, really shouldn’t it just work?

The only thing I can think of is that the default port for all internet stuff is 80. …and it’s not like I told my app ‘go listen on 41000’. IIS probably redirects from 80 to whatever you specify to avoid port conflicts. So technically my app is still listening on 80 even if IIS is doing the redirect… so when it gets deployed to AWS it’s expecting stuff on 80 and having my Okta application profile set to hit port 41000 just wasn’t getting to the application at all even though the port was open.

I’ve been a desktop/console programmer for going on 20 years…but I’ve only recently taken an interest in web stuff…I don’t know web programming enough to understand why this works. But I’ll take even an accidental win where I can.

Hopefully this will help someone else going forward.
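As an added illustration, not code from this thread or from Okta, here is how a strict redirect_uri whitelist check of the kind the error message describes behaves on the URIs discussed above, and which URI component (host, port, scheme, path) caused a rejection. The domain, callback path and port values are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed stand-in for an Okta app's "Login redirect URIs" list. The domain,
# callback path and ports are placeholders, not the poster's real values.
REGISTERED_REDIRECT_URIS = (
    "http://localhost:51400/authorization-code/callback",   # developer machine
    "http://www.example.net/authorization-code/callback",   # deployed site, no port
)


def is_absolute_uri(uri: str) -> bool:
    """The error text demands an absolute URI: scheme and host must both be present."""
    parts = urlsplit(uri)
    return bool(parts.scheme) and bool(parts.netloc)


def redirect_uri_allowed(redirect_uri: str, registered=REGISTERED_REDIRECT_URIS) -> bool:
    """Exact string comparison against the whitelist, the strict rule OAuth 2.0 security
    guidance recommends. 'http://host:41000/cb' and 'http://host/cb' are different URIs,
    so an unregistered port fails even when that port is open in the security group."""
    return is_absolute_uri(redirect_uri) and redirect_uri in registered


def mismatched_parts(redirect_uri: str, registered=REGISTERED_REDIRECT_URIS) -> dict:
    """For a rejected URI, compare it component-wise with each whitelisted entry and
    return the differing components of the closest entry, e.g. {'port': (41000, None)}.
    An empty dict means the URI matched exactly."""
    sent = urlsplit(redirect_uri)
    best = None
    for allowed in registered:
        reg = urlsplit(allowed)
        diffs = {}
        for name in ("scheme", "hostname", "port", "path"):
            sent_part, reg_part = getattr(sent, name), getattr(reg, name)
            if sent_part != reg_part:
                diffs[name] = (sent_part, reg_part)
        if best is None or len(diffs) < len(best):
            best = diffs
    return best or {}


if __name__ == "__main__":
    for uri in ("http://www.example.net/authorization-code/callback",
                "http://www.example.net:41000/authorization-code/callback",
                "http://localhost:41000/authorization-code/callback"):
        print(uri, "->", redirect_uri_allowed(uri), mismatched_parts(uri))
```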