The 'redirect_uri' parameter must be a Login redirect URI in the client app settings

Hello there, I am new to Okta, and trying to get the sample apps downloaded from Okta works so I can understand the way it works.

I created an application, and had some parameters such as Log In Redirect URI. Then I downloaded two sample apps 1) the ASP.NET and 2) the ASP.NET Core. The ASP.NET works fine for me for both self-hosted and okta hosted mode. But the ASP.NET Core does not work. It always complain the following error.

When looking into the differences, noticed that the class of OktaMvcOptions is different from ASP.NET and .NET Core. For ASP.NET, it contains a property (RedirectUri) so we can set it to correct redirect URI. But for ASP.NET Core, there is no such a property. How it comes this way? How to fix the issue to get .Net Core works?

Thank you very much for your help.

The ‘redirect_uri’ parameter must be a Login redirect URI in the client app settings: okta-dev-12907946 - Sign In

Sorry for the context. This forum does not allow me to put everything into one post. So I have slit them into several. Please read it from top to bottom

Can you confirm that the redirect url https://localhost:44314/authorization-code/callback has been added?
https://support.okta.com/help/s/article/The-redirect-uri-parameter-must-be-an-absolute-URI

Thanks very much for the response. No, I did not set to author…callback as it does not exist in my app. but set to localhost:44314/home/index. Please note that it works fine in ASP.NET, but not works in ASP.NET Core.

Something is beyond understanding here about redirect URI. Once I changed to authorization-code/callback from home/index, it works in ASP.NET Core. But not work in ASP.NET. I have to change it back to home/index so it works in ASP.NET but not works in ASP.NET Core. We are going to replace our authentication system by Okta. This surprised my quite big. Is Okta ready to send to production line? Thank you very much.

It sounds like you made some changes in the ASP.NET sample app. When I run it, I can see the redirect_uri is set to https://localhost:44314/authorization-code/callback instead of https://localhost:44314/home/index. Also, please keep in mind that you can add multiple sign-in redirect URI’s to the app in Okta.

Thanks. but I cannot understand your reply. I did not change anything. Basically, I need to understand what rediret_uri is. my understanding is after authenticated by Okta, it will use it to direct to app’s page. My app does not have authorization-code/callback at all. Why one works this but not that?

If you’re using our sample, its designed to use https://localhost:44314/authorization-code/callback as the redirect_uri included in the authorize request, see samples-aspnet/Web.config at master · okta/samples-aspnet · GitHub

Thanks for the reply. But it still does not make any sense to me. I run two app 1) .Net Framework, 2) .Net Core. 1) works for /home/index, does not work for /authori…/ 2) works for /authori…/… does not work for /home/index. Why?

This forum does not allow me to reply now. Always says you cannot have link, actually I do not have.

When signing out, I also got this error when using the .net Core version (downloaded from the Okta). Please check these two examples in Okta. It does not work in some way and confused the developers who are leaning.

Description: The ‘post_logout_redirect_uri’ parameter must be a Logout redirect URI in the client app settings: okta-dev-12907946 - Sign In

This is what I set the urls. But when signing out from the example application, why it becomes this?
https://dev-12907946.okta.com/oauth2/default/v1/logout?post_logout_redirect_uri=https%3A%2F%2Flocalhost%3A44314%2Fsignout%2Fcallback&id_token_hint=eyJraWQi
why it passes https://localhost:44314/signout/callback???

Are you configuring your own PostLogoutRedirectUri to use instead, ala samples-aspnet/Web.config at master · okta/samples-aspnet · GitHub

The example apps are what I downloaded from Okta - one is .Net Framework, one is .Net Core. These examples needs to be fixed. Very much misleading and confusion.
The sign-in and sign-out URIs preset in application, does not work for .NET Core App . For example, the following setting does not work. In order to use the downloaded example, these two URIs have to be:
https://localhost:44314/authorization-code/callback
and
https://localhost:44314/signout/callback
This is absolutely not working for us. We need to be able to set them to different ones, for example …/home/index.

image

From what you described, the samples are working as they were designed, with the default Sign in and Sign out redirect URIs, and the issue you are facing is about modifying the application to use your own, custom URIs instead.

So have you tried changing the values I mentioned in the application code/config or only in Okta? Both places need to be updated with the URIs you are hoping to use instead.

Thanks. Your way works fine in the Net Framework app, as we can change these uri in web config to match what ever we set in the application in Okta. But it is completely not working in Net Core app, as it does not have a web config, and appsettings.json does not have such a property to set. It ends up that in the app in Okta, you have to set redirect uri = …/authentication-code/callback, and logout redirect = …/signout/callback. We want to be able to freely set these URI for .Net Core as well, either programmatically or through appsettings.json. When I am saying the example does not work, I do mean this → 1. You register an app, you would have the following settings


2. You download the example app (.Net Core). It will NOT run! This confused developer very much as Example from Okta does not work. Why do not try above 1 and 2 to replicate the issue so you could understand where the .Net Core was not right.

As a developer, I am learning Okta, trying to understand everything. There is no where to mention that if the app is .net core, your two URis have to be set in a certain way and you cannot change it.