Hi Erik,
Thank you so much for the incredible insight. Your intuition was 100% correct. For others who may come across this post, the issue has been resolved by creating a custom OAuth2AuthorizationRequestResolver in Spring that adds the idp query parameter when redirecting to Okta.
-
We are using the Okta hosted login page, but registration is a fully custom experience (not using self-service registration).
-
Our Angular app does make an authorization call to our Spring app to authenticate a user against Okta.
-
Just a note here. I wish the docs were a bit more clear on an approach like this. You can choose Spring/Angular when looking through Okta documentation. I just wish the documentation continued past testing the external IdP using the Okta-provided URLs.
Really appreciate the help here! Thank you!
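
One way to build the resolver described in the post above, as an added example that is not the poster's own code: it wraps Spring Security's DefaultOAuth2AuthorizationRequestResolver and appends the idp parameter to the authorization redirect. It assumes Spring Security 5.6 or later; the class name and the `app.okta.idp-id` property are hypothetical, and the IdP id is read from server-side configuration rather than from the incoming request.

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizationRequestResolver;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class OktaIdpLoginConfig {

    // Hypothetical property (assumption): the id of the external IdP configured in Okta.
    // Kept in server-side configuration so a client cannot choose the IdP.
    @Value("${app.okta.idp-id}")
    private String idpId;

    @Bean
    OAuth2AuthorizationRequestResolver idpAwareResolver(ClientRegistrationRepository registrations) {
        // Start from the default resolver so state, scopes and redirect_uri are built as usual.
        DefaultOAuth2AuthorizationRequestResolver resolver =
                new DefaultOAuth2AuthorizationRequestResolver(
                        registrations,
                        OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI);

        // Append idp=<id> to the query string of the redirect to the authorization endpoint.
        resolver.setAuthorizationRequestCustomizer(builder ->
                builder.additionalParameters(params -> params.put("idp", idpId)));
        return resolver;
    }

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http,
                                    OAuth2AuthorizationRequestResolver idpAwareResolver) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            // Use the customized resolver instead of the default for the login redirect.
            .oauth2Login(login -> login.authorizationEndpoint(endpoint ->
                    endpoint.authorizationRequestResolver(idpAwareResolver)));
        return http.build();
    }
}
```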