
DaveM.82337 (Customer) asked a question.
I've taken over support for an app that uses Okta for credentials management. It had a working OIDC integration that allowed users to log into our app using 'Sign in with Microsoft'. I was trying to get it running locally, and inadvertently changed the redirect URL to an invalid value. I started getting a 400 HTTP response with 'invalid_social_token'.
The prior authentication was target OpenID Connect Client, with event type user.authentication.sso and display message
When I tried connecting my locally running app with the invalid redirect, the first message had target Custom Authorization Server and event type app.oauth2.as.authorize and the Event Info illegal_redirect_uri_enhanced message in the logs.
The config was never changed in the actual app, just my local instance, but now when anybody tries to connect from the actual application, instead of targeting OpenID Connect Client, the target is Microsoft IdP, the Display Message is Authenticate user with social login, event type is user.authentication.auth_via_social and Event Info is Authenticate user with social login FAILURE: Unable to retrieve an access token for the Identity Provider.
So no code changes, and a config change in my local environment that was subsequently reverted, but I can't get my original OpenID Connect Client back and I keep getting forced through Microsoft IdP trying to use social login.
Does anybody know what I have to do to get the app back to using the OpenID Connect Client? I've tried clearing the cache, clearing cookies, etc. and none of that is working.

Hello @DaveM.82337 (Customer), thank you for posting on our Community page!
This question is more appropriate for our dedicated Okta Developer Forum.
My advice would be to reach out via devforum.okta.com to take advantage of their expertise.
While we'll do our best to answer all of your questions here, this medium is more inclined towards Okta core products and features (non-developer work).
Additionally, if you have a Paid Service with Okta you can always open a case with Support for additional assistance with this issue.
Thank you for reaching out to our Community and have a great day!
--
Help others in the community by liking or hitting Select as Best if this response helped you.
It seems you may be getting caught in a routing rule. I'd suggest reviewing your routing rules under Security -> Identity Providers -> Routing Rules. It is usually based on domain to redirect to another IDP.
Thanks for the reply. The issue I have is that after accidentally using the wrong redirect URL in my local dev environment, I'm now blocked from access (I get an invalid social token response) even though I've reverted the change back to the previously working redirect URL. So I know for sure the redirect URL is valid (it worked fine before) but it's somehow being blocked now and I'm trying to figure out what I have to do to unblock it.
Double check the redirect URIs for your app and what's configured in Okta.
Thanks for the reply. The issue I have is that after accidentally using the wrong redirect URL in my local dev environment, I'm now blocked from access (I get an invalid social token response) even though I've reverted the change back to the previously working redirect URL. So I know for sure the redirect URL is valid (it worked fine before) but it's somehow being blocked now and I'm trying to figure out what I have to do to unblock it.
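One way to carry out the redirect URI double check suggested in this thread, as an added example that is not part of the original posts and is not Okta code: it extracts the `redirect_uri` an app actually sends in its authorize request and reports which component differs from the closest registered value. It assumes the authorization server compares redirect URIs by exact string match; the URLs, the `REGISTERED` list and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample data: the redirect URIs registered for the app and an
# authorize request captured from the browser address bar or a proxy log.
REGISTERED = [
    "https://app.example.com/authorization-code/callback",
    "http://localhost:8080/authorization-code/callback",
]
AUTHORIZE_URL = (
    "https://idp.example.com/oauth2/default/v1/authorize"
    "?client_id=PLACEHOLDER&response_type=code&scope=openid&state=abc"
    "&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fauthorization-code%2Fcallback%2F"
)

def redirect_uri_from_authorize(authorize_url):
    """Return the decoded redirect_uri parameter of an authorize request."""
    values = parse_qs(urlsplit(authorize_url).query).get("redirect_uri", [])
    if len(values) != 1:
        raise ValueError("expected exactly one redirect_uri, got %d" % len(values))
    return values[0]

def explain_mismatch(sent, registered):
    """Return [] on an exact match, else the components that differ from
    the closest registered URI (the one with the fewest differences)."""
    if sent in registered:  # assumption: exact string comparison
        return []
    if not registered:
        return ["no redirect URIs registered"]
    s = urlsplit(sent)

    def diff(candidate):
        c = urlsplit(candidate)
        out = []
        if s.scheme != c.scheme:
            out.append("scheme")
        if s.hostname != c.hostname:  # hostname is lower-cased by urlsplit
            out.append("host")
        if s.port != c.port:
            out.append("port")
        if s.path != c.path:
            same = s.path.rstrip("/") == c.path.rstrip("/")
            out.append("trailing slash" if same else "path")
        if s.query != c.query:
            out.append("query")
        # Components agree but the strings differ: letter case or encoding.
        return out or ["case or encoding"]

    return min((diff(r) for r in registered), key=len)

if __name__ == "__main__":
    sent = redirect_uri_from_authorize(AUTHORIZE_URL)
    print(sent, "->", explain_mismatch(sent, REGISTERED) or "exact match")
```

An empty result means the URI the app sends is registered as-is, so the failure has to be looked for elsewhere than in the app's redirect URI list.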