Tony Castle

Reputation: 3

oauth with next-auth and Okta not working

I'm trying to provide SSO to a next.js app with Okta but it's not working and I don't know why. Worked perfectly with Google.

I get the error: [next-auth][error][GET_AUTHORIZATION_URL_ERROR] https://next-auth.js.org/errors#get_authorization_url_error only valid absolute URLs can be requested

and stack output:

provider: {
  id: 'okta',
  name: 'Okta',
  type: 'oauth',
  wellKnown: 'xxxxxxx.okta.com/.well-known/openid-configuration',
  authorization: { params: [Object] },
  idToken: true,
  profile: [Function: profile],
  checks: [ 'state' ],
  clientId: 'xxxxxxxxxx',
  clientSecret: 'xxxxxxxxx',
  issuer: 'xxxxx.okta.com',
  signinUrl: 'http://localhost:3000/api/auth/signin/okta',
  callbackUrl: 'http://localhost:3000/api/auth/callback/okta'
}, message: 'only valid absolute URLs can be requested'

It's frustrating because I have no idea what the issue is. The callback and signinURI look fine and match what I entered in Okta web app setup.

In [...nextauth].js I have tried to enable debugging but that gave me zero extra output:

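import NextAuth from "next-auth";
import OktaProvider from "next-auth/providers/okta";
import GoogleProvider from "next-auth/providers/google";

export default NextAuth({
  providers: [
    OktaProvider({
      clientId: process.env.OKTA_CLIENT_ID,
      clientSecret: process.env.OKTA_CLIENT_SECRET,
      // The issuer value is read from the OKTA_DOMAIN environment variable
      issuer: process.env.OKTA_DOMAIN,
    }),
    GoogleProvider({
      clientId: process.env.GOOGLE_ID,
      clientSecret: process.env.GOOGLE_SECRET,
    }),
  ],
  // Enable next-auth debug logging
  debug: true,
});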

If anyone has any ideas I would be super grateful. It would be nice to at least know what next-auth is doing under the hood - like checking which url it is trying to reach etc.

Many thanks!

Tony

Upvotes: 0

Views: 1884

Answers (2)

tdesmond

Reputation: 91

I put together a blog post for setting up Next.js, NextAuth.js, and Okta. It gives examples of your //pages/api/[...nextauth].ts file and .env.local as well. It shows using https for the issuer variable as well.

https://thetombomb.com/posts/nextjs-nextauth-okta

Upvotes: 0

Jeff Daze

Reputation: 389

I just tried this today and indeed I got the same error -- my fix was to add https:// to the front of the issuer value and that seemed to make it work (which was interesting because the tutorial I was following specifically said to omit it).

E.g. instead of:

issuer: 'xxxxx.okta.com',

I used:

issuer: 'https://xxxxx.okta.com',

and that seemed to resolve my issue.

Hope this helps!

Upvotes: 1
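
A startup check for the issuer value that both answers point to, as an added example that is not part of the original posts or of next-auth. `checkIssuer` is a hypothetical helper; it rejects a scheme-less value before it reaches `OktaProvider` and returns the discovery URL that would be requested, following the issuer + `/.well-known/openid-configuration` pattern visible in the question's output.

```javascript
// Added example: checkIssuer is a hypothetical helper, not part of next-auth.
// Returns { ok: true, issuer, wellKnown } or { ok: false, problem }.
function checkIssuer(raw) {
  if (typeof raw !== "string" || raw.trim() === "") {
    return { ok: false, problem: "issuer is not set" };
  }
  const value = raw.trim();
  let url;
  try {
    // A bare host such as "xxxxx.okta.com" has no scheme and fails to parse.
    url = new URL(value);
  } catch {
    return { ok: false, problem: `"${value}" is not an absolute URL (missing https://)` };
  }
  // "host:port" without a scheme parses with the host as the scheme, so check it.
  if (url.protocol !== "https:") {
    return { ok: false, problem: `issuer must use https, got scheme "${url.protocol}"` };
  }
  if (url.search || url.hash) {
    return { ok: false, problem: "issuer must not carry a query string or fragment" };
  }
  // Drop trailing slashes so appending the discovery path does not yield "//".
  const issuer = value.replace(/\/+$/, "");
  return { ok: true, issuer, wellKnown: `${issuer}/.well-known/openid-configuration` };
}

// Constructed sample values, using the placeholder host from the question.
const samples = [
  "xxxxx.okta.com",
  "xxxxx.okta.com:443",
  "http://xxxxx.okta.com",
  "https://xxxxx.okta.com/",
];
for (const s of samples) {
  const r = checkIssuer(s);
  console.log(s, "->", r.ok ? r.wellKnown : r.problem);
}
```

Calling it on `process.env.OKTA_DOMAIN` at startup and throwing when `ok` is false surfaces the misconfiguration with a readable message instead of at the first sign-in attempt.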
