
DanielM.86160 (Customer) asked a question.
See below the error I get when trying to verify an event hook.
If I make a POST request to the event hook endpoint via Postman, it works. Similarly, GET with the X-okta-verification-challenge header works as well via Postman (3rd attachment). It works with curl too. Via Okta, it just doesn’t work. We’ve checked; the request doesn’t reach our service.
Call identical to that in Okta in Postman:
Successful call straight to the event hook endpoint:
In a previous post, I saw that the response should be encoded in utf8. With application/json it’s utf-8 by default, and this page doesn’t indicate that the response to the verification call the Okta backend makes needs to be explicitly defined as utf-8:
It’s not the first event hook integration we make with an Okta org and our other orgs are fine with application/json being returned.
Is there a way you could tell me what the Okta backend is getting back for this failed call? It’s very hard to debug with a generic error message like this. If I don't have more accurate feedback I can't move forward. I’ve been trying to figure this out for the last three days…

@DanielM.86160 (Customer) -- Are you sure Okta can reach the endpoint? You mentioned both Postman and cURL but those are both typically tools that originate from an on-prem source. If the API endpoint is restricted by IP (such as you being connected to a VPN) then everything might work great with your testing tools as the origin but fail from other origins.
If you can rule that scenario out, I would suggest opening a Support case with our Management & Monitoring group, as based on your third screenshot the API is handling the GET request exactly as described in the documentation. The only difference I see is exactly 1 space in the response. But it's outside the double " which I wouldn't expect to be relevant. For additional troubleshooting, org / API endpoint specific information is likely going to be required, which shouldn't be put in a public forum.
https://developer.okta.com/docs/concepts/event-hooks/
>The way your service needs to handle this one-time verification is as follows: The request from Okta contains an HTTP header named x-okta-verification-challenge. Your service needs to read the value of that header and return it in the response body, in a JSON object named verification: that is: { "verification" : "value_from_header" }. The value_from_header is found in the request HTTP header, but you need to send it back in a JSON object.
It turns out the request from Okta ended up being redirected instead of proxied to the intended endpoint in our infrastructure. And the Okta backend wasn't happy with being redirected.
Our workaround at this point is to refer to the proxied URL in the setup of the Okta event hook.
We will look at how we can resolve this internally so that the event hook is set up with the original url.
Thanks for your feedback and you can proceed by closing this ticket.
@DanielM.86160 (Customer) -- Glad you got a handle on it.
Also, it isn't a case so nothing to close out 🙂
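
The verification handshake quoted from the documentation above, together with the redirect failure found in this thread, as an added example (not part of the thread and not Okta's code): a local handler that echoes the challenge header, and a probe that sends the verification GET without following redirects so that a 3xx from a front end shows up as a failure. The paths `/hook` and `/old-hook`, the challenge value and the 302 behaviour are constructed for the demonstration.

```python
import http.client
import json
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from threading import Thread

CHALLENGE_HEADER = "x-okta-verification-challenge"  # header name from the quoted docs

class HookHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        if self.path == "/old-hook":  # constructed: front end that redirects instead of proxying
            self.send_response(302)
            self.send_header("Location", "/hook")
            self.end_headers()
            return
        challenge = self.headers.get(CHALLENGE_HEADER)
        if challenge is None:
            self.send_error(400, "missing verification challenge header")
            return
        body = json.dumps({"verification": challenge}).encode("utf-8")
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args):  # keep the demo quiet
        pass

def probe(host, port, path, challenge="constructed-challenge-value"):
    """Send the one-time verification GET; http.client never follows redirects."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    conn.request("GET", path, headers={CHALLENGE_HEADER: challenge})
    resp = conn.getresponse()
    raw = resp.read()
    conn.close()
    if 300 <= resp.status < 400:
        return False, f"redirected: {resp.status} -> {resp.getheader('Location')}"
    if resp.status != 200:
        return False, f"unexpected status {resp.status}"
    echoed = json.loads(raw).get("verification")
    return echoed == challenge, f"200, verification={echoed!r}"

def demo():
    with ThreadingHTTPServer(("127.0.0.1", 0), HookHandler) as server:
        Thread(target=server.serve_forever, daemon=True).start()
        port = server.server_address[1]
        try:  # first probe hits the handler directly, second hits the redirecting path
            return probe("127.0.0.1", port, "/hook"), probe("127.0.0.1", port, "/old-hook")
        finally:
            server.shutdown()
```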