Okta api invalid request

Question

I'm trying to fit the Okta Asp.NET Core Mvc example (https://github.com/oktadeveloper/okta-aspnetcore-mvc-example) into my React Asp.Net Core app. (The reason I'm not using Okta's React example is that it uses Babel and my VS2017 React project uses Typescript.) The Mvc example runs fine against my Okta account, and my React app compiles and runs w the Okta SDK and other code copied from the Mvc example, but I can't get it to authenticate.

Okta returns an http 400: Identity Provider: unknown, Error Code: invalid request, Description: the 'redirect_uri' parameter must be an absolute Uri that is whitelisted in the client app settings.

All I've done is add [authorize] attribs to my controller and a button that requests account/login. Both actions return the same error. I do have the app Url in my Okta app settings.

Answer 1

This, most likely does not have anything to do with React/asp.net but the OIDC flow. If we strip down the SDK, your call to get the jwt token will look something like this: {{url}}/oauth2/v1/authorize?idp=0oae59ifqdtRaTT4G0h7&client_id={{client_id}}&response_type=id_token&response_mode=fragment&scope=openid&redirect_uri=https://www.bing.com

note the redirect_uri above should be the listed in your application setting. To do that: go to Okta's admin dashboard > application >application > choose the application that you used the id of above, and add the above URL to "Login redirect URIs" in the general tab. If that is correct make sure there is no space in the above request.