Reputation: 723
Okta redirect URI when used as OpenID IDP provider in Azure AD B2C
I'm trying to set up Okta as an OpenID Connect provider in my Azure AD B2C tenant. Something is off with my configuration. It's throwing an error when I test the B2C user flow saying:
Error Code: invalid_request
Description: The 'redirect_uri' parameter must be a Login redirect URI in the client app
Here are the steps I followed
Okta
- Create application OpenID Connect application
- Assign users to this application
- Take note of client ID and secret
- Based on this documentation, I set the sign-in redirect URI to
https://B2CTenantName.b2clogin.com/B2C tenant ID/oauth2/authresp https://colinwurtzb2c.b2clogin.com/eb178344-61bd-4822-95cf-7a251aaba527/oauth2/authresp
Azure
- Create a new App Registration and set redirect URI to
http://localhost:3000 - Added new OpenID Connect provider
- Filled out this form with client ID, metadata URL, and client secret provided by Okta
- Created a user flow called B2C_1_SignInOkta
- Assign the newly added OpenID Connect Okta provider to this user flow.
- Attempt to run the user flow, but it immediately redirects to Okta with error listed above.
Upvotes: 0
Views: 940
Answers (2)
Reputation: 723
In addition to being consistent with the link, I had to add a few scopes in the custom IDP screen and map email to User ID in the claims mapping section.
Upvotes: 0
Reputation: 414
I believe you need to be consistent which URL pattern / tenant identifier you use. If you set up Okta application with https://colinwurtzb2c.b2clogin.com/eb178344-61bd-4822-95cf-7a251aaba527/oauth2/authresp (using tenant Id) then you need to open your user flow also using tenant Id. Your screen shows the default Azure Portal option with tenant name, so the URL starts with https://colinwurtzb2c.b2clogin.com/colinwurtzb2c.onmicrosoft.com/(...). My guess is that in this case AAD B2C makes a request to Okta using https://colinwurtzb2c.b2clogin.com/colinwurtzb2c.onmicrosoft.com/oauth2/authresp which is different then the one you set up and hence the error. So, either set up Okta with the URL including tenant name or use tenant Id while running AAD B2C user flow.
Upvotes: 1
Related Questions
- OKTA - OAuthError: Illegal value for redirect_uri parameter
- How to implement AAD B2C and OKTA Integration?
- Prevent Okta from authenticating user during OAuth 2.0 authorization redirect
- Okta SSO with Azure ADB2C
- How to get Azure OIDC to respect my redirect URI?
- How to integrate Okta as IDP using SAML with Azure AD B2C?
- Integration of Azure with OKTA using OIDC
- IDP initiated SSO fails with OKTA as an IDP in Azure
- Detailed steps to configure Okta as an IDP in Azure AD
- How to handle redirect url for mobile application - OAuth 2.0 Authorization Code Flow with PKCE