stikx (stikx) asked a question.
I have created a WorkFlow Connector via Connector Builder and I am experiencing issues on how to debug a Connection Issue. When I create a Test Connection and provide all the Client Id and Secret, it successfully conects to the IdP and I can see it gets something back, but what I am not sure as it fails with a "Failed to create connection" message.
The URL
curl --location 'https://xxxx/auth/token' \
--header 'Content-Type: application/x-www-form-urlencoded;charset=UTF-8' \
--header 'Authorization: Basic xxxxxxx' \
--data-urlencode 'grant_type=authorization_code' \
--data-urlencode 'code=xxxx' \
--data-urlencode 'redirect_uri=https://oauth.workflows.okta.com/oauth/xxxx/cb'
Nothing shows in the System Log.
Any ideas?
Hello @stikx (stikx) Thank you for posting on our Community page!
Please see below our doc on this matter that explains why this is failing:
https://support.okta.com/help/s/article/Why-does-my-connection-say-its-failing-when-I-test-it-when-the-connection-is-still-working-in-active-Okta-Workflows?language=en_US
Thank you for reaching out to our Community and have a great day!
--
Help others in the community by liking or hitting Select as Best if this response helped you.
Collect them all. Learn a new skill and earn a new Okta Learning badge.
Okay, I am confused as I don't see any option to set a health check URL.
If I follow the URL generate from the Test Connection I can see it returns a `code` to the `redirect_uri` and the sign in window closes. The error occurs in the step Okta Workflow is doing internally to which I don't have any access of. Will try and find an IDP I can host myself to figure out what Okta Workflow is doing.
Perhaps if I read the docs properly I would find it https://help.okta.com/wf/en-us/content/topics/workflows/connector-builder/capia-authping.htm
@stikx (stikx) - yep _authping is the "healthcheck". You essentially want to choose an endpoint that is always going to exist and is relatively low data / fast response on the specific service. For example if I were making an "Okta" connector I would use something like /api/v1/users/me since "me" will always return the results for the user context of the authorized connection.