Reputation: 3
I'm trying to provide SSO to a next.js app with Okta but it's not working and I don't know why. Worked perfectly with Google.
I get the error: [next-auth][error][GET_AUTHORIZATION_URL_ERROR] https://next-auth.js.org/errors#get_authorization_url_error only valid absolute URLs can be requested
and stack output:
    provider: {
      id: 'okta',
      name: 'Okta',
      type: 'oauth',
      wellKnown: 'xxxxxxx.okta.com/.well-known/openid-configuration',
      authorization: { params: [Object] },
      idToken: true,
      profile: [Function: profile],
      checks: [ 'state' ],
      clientId: 'xxxxxxxxxx',
      clientSecret: 'xxxxxxxxx',
      issuer: 'xxxxx.okta.com',
      signinUrl: 'http://localhost:3000/api/auth/signin/okta',
      callbackUrl: 'http://localhost:3000/api/auth/callback/okta'
    }, message: 'only valid absolute URLs can be requested'
It's frustrating because I have no idea what the issue is. The callback and signinURI look fine and match what I entered in Okta web app setup.
In [...nextauth].js I have tried to enable debugging but that gave me zero extra output:
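    import NextAuth from "next-auth";
    import OktaProvider from "next-auth/providers/okta";
    import GoogleProvider from "next-auth/providers/google";

    export default NextAuth({
      providers: [
        OktaProvider({
          clientId: process.env.OKTA_CLIENT_ID,
          clientSecret: process.env.OKTA_CLIENT_SECRET,
          // The issuer value is read from the OKTA_DOMAIN environment variable
          issuer: process.env.OKTA_DOMAIN,
        }),
        GoogleProvider({
          clientId: process.env.GOOGLE_ID,
          clientSecret: process.env.GOOGLE_SECRET,
        }),
      ],
      // Turn on next-auth debug logging
      debug: true,
    });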
If anyone has any ideas I would be super grateful. It would be nice to at least know what next-auth is doing under the hood - like checking which url it is trying to reach etc.
Many thanks!
Tony
Upvotes: 0
Views: 1884
Reputation: 91
I put together a blog post for setting up Next.js, NextAuth.js, and Okta. It gives examples of your //pages/api/[...nextauth].ts file and .env.local as well. It shows using https for the issuer variable as well.
https://thetombomb.com/posts/nextjs-nextauth-okta
Upvotes: 0
Reputation: 389
I just tried this today and indeed I got the same error -- my fix was to add https:// to the front of the issuer value and that seemed to make it work (which was interesting because the tutorial I was following specifically said to omit it).
e.g. instead of:
issuer: 'xxxxx.okta.com',
I used:
issuer: 'https://xxxxx.okta.com',
and that seemed to resolve my issue.
Hope this helps!
Upvotes: 1
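The check below is an added example, not code from any of the posts above or from next-auth. It validates an issuer value before it reaches the provider config and returns the discovery URL that would be requested. `checkIssuer` is a hypothetical helper name, and the code assumes the discovery URL is the issuer plus `/.well-known/openid-configuration`, as the `wellKnown` value in the question's stack output suggests.

```javascript
// Added example. checkIssuer is a hypothetical helper, not a next-auth API.
const WELL_KNOWN = "/.well-known/openid-configuration";

function checkIssuer(raw) {
  if (typeof raw !== "string" || raw.trim() === "") {
    return { ok: false, reason: "issuer is empty or unset" };
  }
  const value = raw.trim();
  let url;
  try {
    // Throws for scheme-less values such as "xxxxx.okta.com".
    url = new URL(value);
  } catch {
    return { ok: false, reason: `"${value}" is not an absolute URL; prefix it with https://` };
  }
  // "host:port" without a scheme parses with the host as the scheme, so check explicitly.
  if (url.protocol !== "https:") {
    return { ok: false, reason: `issuer must use https, got scheme "${url.protocol}"` };
  }
  // OIDC Discovery does not allow a query or fragment on the issuer.
  if (url.search || url.hash) {
    return { ok: false, reason: "issuer must not contain a query or fragment" };
  }
  // Drop trailing slashes so the well-known path is appended exactly once.
  const issuer = url.origin + url.pathname.replace(/\/+$/, "");
  return { ok: true, issuer, discoveryUrl: issuer + WELL_KNOWN };
}

// Constructed sample values; at startup, pass process.env.OKTA_DOMAIN instead.
for (const sample of ["xxxxx.okta.com", "xxxxx.okta.com:443", "https://xxxxx.okta.com/"]) {
  console.log(sample, "->", JSON.stringify(checkIssuer(sample)));
}
```

Calling this when the server starts and throwing on `ok: false` turns the opaque `GET_AUTHORIZATION_URL_ERROR` into a message that names the misconfigured variable.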