I have a small node.js app for which I want to use Okta authentication. I've tried using the okta-auth middleware from the NPM library as well as following the example put up by ThoughtWorks on GIT which uses passport and passport-saml and both trigger the following browser error when Okta authentication is attempted:
XMLHttpRequest cannot load https://dev-850813.oktapreview.com/app/envisionhealthcaredev850813_oktaadmi…nXcHjGgYcwTnnT2oUT96m1SZuzB%2B4W2xqmsNDGXq35jM%2F0kvtCjv%2FZ%2B397%2Bg8%3D. Redirect from 'https://dev-850813.oktapreview.com/app/envisionhealthcaredev850813_oktaadmi…nXcHjGgYcwTnnT2oUT96m1SZuzB%2B4W2xqmsNDGXq35jM%2F0kvtCjv%2FZ%2B397%2Bg8%3D' to 'https://dev-850813.oktapreview.com/login/login.htm?fromURI=%2Fapp%2Fenvisio…nT2oUT96m1SZuzB%252B4W2xqmsNDGXq35jM%252F0kvtCjv%252FZ%252B397%252Bg8%253D' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8081' is therefore not allowed access.
I've successfully added Okta authentication to several C# applications with no problems like this, but can't seem to get past this with node.js. I'm guessing I'm missing something that might be obvious to others. Any help would be appreciated.
Hi - Thanks for the response. Yes I did check out that page and tried putting my site's host URL into the list, but it made no difference. One thing to understand as well is that the scheme I'm using doesn't involve the Okta API at all.
It simply attempts to redirect the request to the "entry point" that is supplied by Okta when setting up an app for Okta authentication. From the error, it appears that the failure occurs when Okta redirects to its own login page.
This doesn't happen when I do essentially the same thing with C#, and in fact, I've experimented with redirecting without using the okta-auth library or the passport/passport-saml setups and the redirects work fine.
Of course, if I have to go this way it will require building our own session management, encryption/decryption for the SAML response, etc. etc...
Was really hoping to use one of the existing libraries that are out there for node.js Okta authentication would work and they must have at some point, but don't seem to now. Clearly something has changed since they were produced, so it appears there is no longer any viable example or middleware out there for doing Okta authentication with node.js. That's pretty unfortunate...
Hi Lee The error in your first post says: ...has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8081' is therefore not allowed access.
If you don't think it's CORS issue, I'm not sure what to try next. If the community isn't able to help, you could try Okta Support. Thanks.
I'm moving forward on doing my own authentication from scratch and almost have that done. Don't have time to go back and forth with the forum or Okta support. I do appreciate the response though.
For Okta's own benefit, might be a good idea for someone there to look into the node.js examples that are floating around, because I couldn't find any that didn't have the same issue. Seems like something changed somewhere along the line that broke them. Strange, because it isn't that hard a thing to do...