I’ve set up Single Sign-On (SSO) with Okta using OpenID Connect (OIDC) for my Single Page Application (SPA). The setup works perfectly on my local environment, but in production (which uses HTTPS) the same configuration returns null for the access_token and other fields. Here are the details of my setup:
Local Configuration:
Environment: Localhost, HTTP
Status: SSO works perfectly, access token and other fields are correctly populated.
Production Configuration:
Environment: Production, HTTPS
Status: SSO initiates but returns null for access_token and other fields.
Steps I’ve Taken:
Configured the Okta application with the appropriate redirect URIs for both local and production environments.
Enabled PKCE in my Okta application.
Set up CORS in Okta to allow requests from my production domain.
Using Okta Auth JS Library with the following configuration: