olv53

Reputation: 73

Error when using Okta Authentication with Next Auth

I am running into an error when using next-auth, and Okta as the provider. It redirects me back to my app but I get a page saying 'try signing in with another account' and redirects to 'api/auth/signin?error=Callback'

The error I get in the terminal with next auth's debugger is:

[next-auth][debug][oauth_callback_protection] Comparing received and expected state {
  state: 'b3ef7bf3d4a5aa8f5f81fc95260502b0a206180bd0a831bb27b26d8c21271e33',
  expectedState: 'b3ef7bf3d4a5aa8f5f81fc95260502b0a206180bd0a831bb27b26d8c21271e33'
}

[next-auth][error][oauth_get_access_token_error] 
https://next-auth.js.org/errors#oauth_get_access_token_error {
  statusCode: 401,
  data: '{"errorCode":"invalid_client","errorSummary":"No client credentials found.","errorLink":"invalid_client","errorId":"******************","errorCauses":[]}'
} undefined undefined

[next-auth][error][oauth_get_access_token_error] 
https://next-auth.js.org/errors#oauth_get_access_token_error {
  statusCode: 401,
  data: '{"errorCode":"invalid_client","errorSummary":"No client credentials found.","errorLink":"invalid_client","errorId":"**************","errorCauses":[]}'
} okta ************************

[next-auth][error][oauth_callback_error] 
https://next-auth.js.org/errors#oauth_callback_error {
  statusCode: 401,
  data: '{"errorCode":"invalid_client","errorSummary":"No client credentials found.","errorLink":"invalid_client","errorId":"*******************","errorCauses":[]}'
}

This is my Okta App settings:

[screenshot: Okta application settings]

I have checked the clientId and client secret and they are correct. Does anyone have any clues? I know it can work with Okta because I have had it working with another app, but I have tried to replicate the exact same setup.

in [...nextauth].js:

    import NextAuth from 'next-auth'
    import Providers from 'next-auth/providers'

    export default NextAuth({
      providers: [
        Providers.Okta({
          // Credentials and domain come from the environment; OKTA_DOMAIN is the bare hostname (no scheme)
          clientId: process.env.OKTA_CLIENT_ID,
          clientSecret: process.env.OKTA_CLIENT_SECRET,
          domain: process.env.OKTA_DOMAIN,
          // Override the provider defaults to use the "default" custom authorization server
          accessTokenUrl: `https://${process.env.OKTA_DOMAIN}/oauth2/default/v1/token`,
          authorizationUrl: `https://${process.env.OKTA_DOMAIN}/oauth2/default/v1/authorize/?response_type=code`,
        }),
      ],
    })

Upvotes: 1

Views: 2323

Answers (1)

David

Reputation: 31

It is a bug in the next-auth package. Had the same issue and, after debugging with a colleague and trying out a couple of things, we came to the following patch that works for us.

diff --git a/node_modules/next-auth/dist/server/lib/oauth/client.js b/node_modules/next-auth/dist/server/lib/oauth/client.js
index b4e48c2..7f68dd7 100644
--- a/node_modules/next-auth/dist/server/lib/oauth/client.js
+++ b/node_modules/next-auth/dist/server/lib/oauth/client.js
@@ -160,7 +160,7 @@ function _getOAuth2AccessToken() {
       headers.Authorization = 'Basic ' + Buffer.from(provider.clientId + ':' + provider.clientSecret).toString('base64');
     }
 
-    if ((provider.id === 'okta' || provider.id === 'identity-server4') && !headers.Authorization) {
+    if ((provider.id === 'identity-server4') && !headers.Authorization) {
       headers.Authorization = "Bearer ".concat(code);
     }
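Review bot: the edit lands in a vendored file under node_modules, so it is lost on the next install; keep it with patch-package (or a fork) and send it upstream. The behavioural change itself looks right: the removed condition put the authorization `code` into `Authorization: Bearer ...` for Okta whenever no Basic header had been set, which is not a client-authentication method the token endpoint accepts, so the request is rejected with `invalid_client` even though client_id and client_secret are present elsewhere in the request. The surviving `(provider.id === 'identity-server4')` no longer needs its own parentheses.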

The issue seems to be an issue with sending both client_id and secret as query parameters but also sending an Authorization header. Removing the Authorization header made the IdP integration work.

Also worth noting this: https://developer.okta.com/docs/reference/api/oidc/#client-secret

Upvotes: 3
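As an added example (not code from the question, the answer, or next-auth itself): a small Node.js builder for the authorization-code token request that mirrors the condition in the hunk above, with a `patched` switch to show the before/after, plus a pre-flight check that flags the mixed client authentication the answer describes. The provider object shape, its `clientAuth` field, the `patched` option and all credential values are assumptions constructed for this example.

```javascript
// Added example, not next-auth's code. Builds the token-endpoint request for the
// authorization-code exchange and checks which client-authentication method it
// carries. Provider shape, `clientAuth` and `patched` are assumptions made here.

// Build headers and form body for POST <accessTokenUrl>.
// Exactly one client-authentication method is used:
//   clientAuth === 'basic' -> client_id:client_secret in an HTTP Basic header
//   anything else          -> client_id and client_secret in the form body
function buildTokenRequest(provider, code, redirectUri, { patched = true } = {}) {
  const body = new URLSearchParams({
    grant_type: 'authorization_code',
    code,
    redirect_uri: redirectUri,
  });
  const headers = { 'Content-Type': 'application/x-www-form-urlencoded' };

  if (provider.clientAuth === 'basic') {
    const creds = Buffer.from(`${provider.clientId}:${provider.clientSecret}`).toString('base64');
    headers.Authorization = `Basic ${creds}`;
  } else {
    body.set('client_id', provider.clientId);
    body.set('client_secret', provider.clientSecret);
  }

  // The condition from the hunk: before the patch Okta was in this list, so an
  // Okta request without a Basic header got "Authorization: Bearer <code>" on
  // top of the credentials in the body. After the patch only identity-server4 does.
  const bearerProviders = patched ? ['identity-server4'] : ['okta', 'identity-server4'];
  if (bearerProviders.includes(provider.id) && !headers.Authorization) {
    headers.Authorization = `Bearer ${code}`;
  }

  return { url: provider.accessTokenUrl, headers, body: body.toString() };
}

// Pre-flight check on a built request: client credentials must be present in
// exactly one place, and any Authorization header must be the Basic form that
// carries them rather than some other scheme.
function checkClientAuth(req) {
  const params = new URLSearchParams(req.body);
  const inBody = params.has('client_id') && params.has('client_secret');
  const auth = req.headers.Authorization || '';
  const basic = auth.startsWith('Basic ');
  if (basic && inBody) return 'conflict: credentials in both header and body';
  if (!basic && auth) return `unexpected Authorization scheme: ${auth.split(' ')[0]}`;
  if (!basic && !inBody) return 'no client credentials';
  return 'ok';
}

// Constructed provider config for the demo; every value is a placeholder.
const oktaProvider = {
  id: 'okta',
  clientId: 'EXAMPLE_CLIENT_ID',
  clientSecret: 'EXAMPLE_CLIENT_SECRET',
  clientAuth: 'post',
  accessTokenUrl: 'https://example.okta.com/oauth2/default/v1/token',
};

// Show the request before and after the patch for the same Okta provider.
for (const patched of [false, true]) {
  const req = buildTokenRequest(oktaProvider, 'EXAMPLE_CODE',
    'http://localhost:3000/api/auth/callback/okta', { patched });
  console.log(`patched=${patched}: ${checkClientAuth(req)};`,
    'Authorization:', req.headers.Authorization || '(none)');
}
```

Running it prints the unpatched request as `unexpected Authorization scheme: Bearer` and the patched one as `ok`, which is the difference the answer observed: with the Bearer header gone, the credentials in the body are the only client authentication and Okta accepts them. Setting `clientAuth: 'basic'` instead moves the credentials into the Basic header, the method the linked Okta documentation describes, and the check still reports `ok` because nothing else is in the body.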
