z9wul (z9wul) asked a question.
preserve the state of a nested oidc flow
hello all,
I have the following scenario:
- user arrives on site A and wants to login
- site A initiates an OIDC flow with OKTA and arrives to OKTA's login page
- on OKTA's login page, the user initiates another OIDC login flow with site B
- once the user is logged in to site B, a code returns to OKTA which is successfully changed with a session
- BUT it seems that OKTA loses the context - and doesn't redirect back to site A with its own code
tl;dr -
expected: siteA -> OKTA -> siteB -> OKTA -> siteA
actual: siteA -> OKTA -> siteB -> OKTA dashboard
some more details:
from siteA, arriving to the OKTA's page: /oauth2/v1/authorize , with the following QS params:
- client_id
- response_type: code
- scope: openid email profile
- redirect_uri: siteA's code endpoint
- state
when initiating the OIDC flow from the above OKTA page to siteB, i'm calling OKTA's endpoint: /sso/idps/{clientId}
i've tried forwarding the `state` - but it was ignored.
any idea?
Hi @z9wul (z9wul) , Thank you for reaching out to the Okta Community!
I'm not sure if this flow is supported, but this question is more appropriate for our dedicated Okta Developer Forum.
My advice would be to reach out via devforum.okta.com to take advantage of their expertise.
While we'll do our best to answer all of your questions here, this medium is more inclined towards Okta core products and features (non-developer work).
In the meantime, you can review the following post that seems to discuss a similar experience, although they mentioned it being in conjunction with Google Login: https://devforum.okta.com/t/oidc-login-redirect-not-working/14039
If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you.
Hope my answer helps!
--
Help others in the community by liking or hitting Select as Best if this response helped you.