Authenticated Web Messenger integration with Okta multiple page

Hello,

Thanks to the detailed documentation and sample, I have successfully got the Web Messenger authenticated with Okta working.

However, we are deploying this to a web site that hosts multiple pages. As we call AuthProvider.getAuthCode, we need to configure redirectUri in the Okta application. This way, each time we load a page, we will request a new authentication code so that it will launch Web Messenger.

For example,
AuthProvider.registerCommand('getAuthCode', (e) => {
  e.resolve({
    authCode: authCode,
    redirectUri: sRedirectURL, // need to add all the pages to Okta application?
    nonce: sNonce,
    maxAge: 86400
  });
});

My question is: if we are deploying Web Messenger to multiple pages, does that mean we need to configure multiple redirectURIs in the Okta application as well?

Okta accepts wildcards. However, as we dove into this thread,
"Redirect URI wildcard for path variable instead of subdomain? - OAuth/OIDC - Okta Developer Community",
on the Okta side, they are not able to wildcard the path. They can do it for the subdomain.

This will lead to adding multiple absolute redirectURIs in Okta. Please let me know if this is best practice.
Also, what if there is a dynamic URL, and what would be the best practice?

Please let me know if anyone has come across this before.

Many Thanks,
CJ

Hi,

Thanks for reaching out, and congrats on getting authentication working.
Not always a smooth journey!

Unfortunately, this is a restriction from the provider and there's not much to do about it.
So having multiple URL callbacks is good to go, I guess.

Alternatively, you could implement the following workaround:

  • Implement a single callback url on your app, and therefore in Okta.
  • Use the state parameter that is set when calling /authorize to encode the final (callback) url page you target.
    So, something like state=
    When the authorization server calls back your single entry point, decode the state parameter and navigate to the url embedded.

/authorize?client_id=<client_id>
&response_type=code
&response_mode=fragment
&scope=openid%20profile%20email%20offline_access%20phone
&redirect_uri=<single_entry_point_url>
&state=base64Url(<final_url>)

Hope this helps,

Regards,
V.P.
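
The state-based workaround from the reply above, as an added example that is not part of the original post or of the vendor's SDK. It assumes a hypothetical site origin and page allow-list (APP_ORIGIN, ALLOWED_PATHS) and hypothetical helper names, carries only the return path in state, and binds it to a random token that the single callback page checks before navigating, so a tampered state cannot turn the callback into an open redirect.

```javascript
// Added example. APP_ORIGIN, ALLOWED_PATHS, buildState and resolveState are
// hypothetical names; the origin and paths are constructed sample values.
const APP_ORIGIN = 'https://www.example.com';
const ALLOWED_PATHS = [/^\/products\//, /^\/support$/]; // pages hosting the messenger

const b64url = {
  enc: (s) => btoa(s).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, ''),
  dec: (s) => atob(s.replace(/-/g, '+').replace(/_/g, '/') +
                   '='.repeat((4 - (s.length % 4)) % 4)),
};

// Random per-login value; keep it (e.g. in sessionStorage) until the callback.
function newCsrfToken() {
  const bytes = crypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}

// Before redirecting to /authorize: encode the return page plus the token.
// Only the path and query are stored, so state never names a foreign origin.
function buildState(finalUrl, csrf = newCsrfToken()) {
  const u = new URL(finalUrl, APP_ORIGIN);
  const payload = JSON.stringify({ csrf, path: u.pathname + u.search });
  return { csrf, state: b64url.enc(payload) };
}

// On the single callback page: return the URL to navigate to, or null to reject.
function resolveState(state, expectedCsrf) {
  let payload;
  try {
    payload = JSON.parse(b64url.dec(state));
  } catch {
    return null; // not valid base64url or not JSON
  }
  if (!payload || typeof payload.path !== 'string') return null;
  if (payload.csrf !== expectedCsrf) return null;       // state was not issued by this session
  const target = new URL(payload.path, APP_ORIGIN);     // also normalises "//host" style input
  if (target.origin !== APP_ORIGIN) return null;        // never leave our own origin
  if (!ALLOWED_PATHS.some((re) => re.test(target.pathname))) return null;
  return target.href;
}
```

On the callback page, a null result should fall back to a fixed default page rather than to anything taken from state.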
