
2t1fq (2t1fq) asked a question.
Hiho,
I was trying to finish up an already working implementation for SSO with Okta with a new Okta account (as I wasn't able to access my old one anymore, but that's another topic), so I added in this new Okta the 2 applications that I need for working, one Service API Application that allows me to sync the users, and another OIDC SSO application for allowing SSO login. Both have the same jwks_uri, and the Service API is actually working fine, BUT the SSO application is throwing the error: "Error retrieving the client JWKSet from jwks_uri." and I can't get my head around why this can be, if the other application with the same jwks_uri just works absolutely fine?
What could be reasons why I get this error, if the same URL works on another application? I also explicitly copied the text field from the working app for the jwks_uri into the not working application just to be sure, but whatever I try the SSO application always throws that error. I also triple checked the client ids and everything, and I am out of ideas what I could check :D.
Thanks in advance for any hint on this!

Hello @2t1fq (2t1fq), thank you for reaching out to our Community!
Are you using a custom domain URL? If so verify the cert chain is installed correctly. Some clients might have the intermediary cert(s) while others don't.
Could also happen even if not using a custom domain and one of the clients does not have the correct root setup. Or vice versa, the server not having Okta certs in its trusted store.
If you are using our SDK, I believe the Okta Node JWT verifier error.message in one of the above cases would be "Error retrieving the client JWKSet from jwks_uri."
But if instead you were to print the entire error object, you would get more information about the underlying connection issue.
My advice would be to leverage the Okta Developer forums for these types of questions and take advantage of their expertise.
https://devforum.okta.com/
Hope this helps and if this answered your question, please mark this as Best Answer!

The SAME URL(!!!!) works fine on another application. All your hints are only helpful if the URL wouldn't be working at all. But the URL works, I have a working application which uses this jwks_uri, the exact same URI that doesn't work on the other application. That is why I am asking: What should it be that the URL doesn't work on one application but works absolutely fine on another?
I added btw another SSO Application and this one again gives me the "Error retrieving the client JWKSet from jwks_uri." error. It is just specific to the SSO applications and I have no idea what could be the difference.
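
The advice in the reply above to print the entire error object, as an added example that is not part of the original thread and is not Okta SDK code: it walks a wrapped error and maps the underlying Node.js TLS or network code to the certificate-chain cases mentioned there. The `innerError` and `originalError` property names and the sample error are assumptions made for illustration.

```javascript
// Node.js / OpenSSL error codes mapped to what to check on the jwks_uri connection.
const CAUSES = {
  UNABLE_TO_VERIFY_LEAF_SIGNATURE: 'server is not sending its intermediate certificate(s)',
  UNABLE_TO_GET_ISSUER_CERT_LOCALLY: 'issuing CA is missing from the client trust store',
  SELF_SIGNED_CERT_IN_CHAIN: 'chain ends in a root the client does not trust',
  DEPTH_ZERO_SELF_SIGNED_CERT: 'server presents a self-signed certificate',
  CERT_HAS_EXPIRED: 'a certificate in the chain has expired',
  ERR_TLS_CERT_ALTNAME_INVALID: 'certificate does not cover the jwks_uri host name',
  ENOTFOUND: 'DNS lookup for the jwks_uri host failed',
  ECONNREFUSED: 'nothing is listening on the jwks_uri host/port',
  ETIMEDOUT: 'connection timed out (firewall or egress rule)',
};

// `cause` is the standard wrapper property (ES2022); the other two are assumed names.
const NESTED = ['cause', 'innerError', 'originalError'];

// Walk the chain of wrapped errors, record every message, and return the
// first known transport-level code together with its likely cause.
function diagnoseJwksError(err) {
  const trail = [];
  const seen = new Set(); // guards against self-referencing error chains
  let found = null;
  let e = err;
  while (e && typeof e === 'object' && !seen.has(e)) {
    seen.add(e);
    trail.push(e.code ? `${e.message} [${e.code}]` : String(e.message));
    if (!found && typeof e.code === 'string' && Object.hasOwn(CAUSES, e.code)) {
      found = { code: e.code, likelyCause: CAUSES[e.code] };
    }
    e = NESTED.map((k) => e[k]).find(Boolean);
  }
  const fallback = { code: null, likelyCause: 'no transport-level code found; inspect trail' };
  return { ...(found || fallback), trail };
}

// Constructed sample: the generic message wrapping a TLS failure two levels down.
function sampleError() {
  const tls = Object.assign(new Error('unable to verify the first certificate'), {
    code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE',
  });
  const fetchErr = new TypeError('fetch failed', { cause: tls });
  return new Error('Error retrieving the client JWKSet from jwks_uri.', { cause: fetchErr });
}

console.log(diagnoseJwksError(sampleError()));
```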