
byrond.01329 (Customer) asked a question.
I am attempting to use Okta as an OIDC identity provider for a Drupal application (it will perform JIT Okta identity creation). The redirect URL is:
The returned authorized payload contains values:
[state] => RXd4UkdDazFNWFlZWjFXVG5JRUpJb25FWjBjeU1ibDl2RzA3eUtwQjNyK0RkSGRWXXXXXXXXXXXXX
[nonce] => TfsUxrDnRfngYsXXXXXXXXXXX_XXXXXXX
I want to validate that the state/nonce values I provide are the same as those being returned. My question is:
Why aren't the state and nonce values the same as what I provide? And if they are encoded versions of what I provided, how can I decode them?

Hi @byrond.01329 (Customer), thank you for reaching out to the Okta Community!
We don't have an OIDC app integration for Drupal in our Okta Integrations Network catalog and as such we do not have any guides.
There seems to be one on the Drupal side though:
https://www.drupal.org/docs/contributed-modules/drupal-oauth-openid-connect-login-oauth2-client-sso-login/configure-okta-as-oauth-openid-connect-provider-for-drupal-login
That being said, my advice would be to reach out to devforum.okta.com to take advantage of their expertise.
While we'll do our best to answer all of your questions here, this medium is more inclined towards Okta core products.
If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you.
Hope my answer helps!
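
For the check asked about in the question: under OpenID Connect Core the `state` value is returned unchanged as a parameter on the redirect, and the `nonce` value is returned unchanged as a claim inside the ID token. The following is an added example, not code from this thread, from Okta, or from any Drupal module; the function names and all sample values are constructed, and it assumes the ID token's signature, issuer, audience and expiry have already been verified elsewhere.

```php
<?php
// Added example, not Okta or Drupal module code. All values are constructed.

// Decode one base64url-encoded JWT segment into an array.
function jwt_segment(string $segment): array {
    $b64 = strtr($segment, '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);
    $json = base64_decode($b64, true);
    $data = $json === false ? null : json_decode($json, true);
    if (!is_array($data)) {
        throw new RuntimeException('malformed ID token segment');
    }
    return $data;
}

// $session:  state/nonce saved server-side before redirecting to the provider.
// $callback: query parameters received at the redirect URI.
// $idToken:  ID token whose signature, iss, aud and exp were ALREADY verified.
function check_state_and_nonce(array $session, array $callback, string $idToken): void {
    // state comes back unchanged as a callback parameter.
    if (!isset($session['state'], $callback['state'])
        || !hash_equals($session['state'], (string) $callback['state'])) {
        throw new RuntimeException('state mismatch: response not tied to this session');
    }
    // nonce comes back unchanged as a claim inside the ID token payload.
    $parts = explode('.', $idToken);
    if (count($parts) !== 3) {
        throw new RuntimeException('ID token is not a three-part JWT');
    }
    $claims = jwt_segment($parts[1]);
    if (!isset($session['nonce'], $claims['nonce'])
        || !hash_equals($session['nonce'], (string) $claims['nonce'])) {
        throw new RuntimeException('nonce mismatch: possible token replay');
    }
}

// Constructed demo: generate the values, then simulate the provider's response.
$session = ['state' => bin2hex(random_bytes(16)), 'nonce' => bin2hex(random_bytes(16))];
$b64url = fn(array $a): string => rtrim(strtr(base64_encode(json_encode($a)), '+/', '-_'), '=');
$idToken = $b64url(['alg' => 'RS256']) . '.' . $b64url(['nonce' => $session['nonce']]) . '.sig-placeholder';

check_state_and_nonce($session, ['state' => $session['state']], $idToken);
echo "matching values accepted\n";
try {
    check_state_and_nonce($session, ['state' => 'tampered'], $idToken);
} catch (RuntimeException $e) {
    echo 'rejected: ' . $e->getMessage() . "\n";
}
```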