Can't change issuer URL for OIDC enterprise connection

marcelina.barycka · May 2, 2024, 8:51am

Thank you for sharing!

Alright! I have a bit different view of your configurations (as an internal employee of Okta) and can see an additional field called:
Discovery URL (separate from the Issuer URL one). → This makes me think the UI is unsuitable for updating the existing connection’s Issuer data.

The workaround I would like to offer for the future is using our Management API:

GET the connection to retrieve the options object with this call:

You should see there nothing less than the following:

{
   "options": {
       "discovery_url": "https://.../.well-known/openid-configuration",
       "oidc_metadata": {
           "issuer": "https://...",
           "jwks_uri": "https://..../.well-known/jwks.json",
           "token_endpoint": "https://auth...",
           "authorization_endpoint": "https://...",
       },
       "authorization_endpoint": "https://...."
   }
}

PATCH the connection with the updated URLs (including the Discovery URL).
(PATCH will also update fields not included in the call. Thus, the first step is to GET the entire connection JSON).

Feel free to check it out if possible
Apologies for the UI experience. I will review our documentation and if this disclaimer is not included, I will work with our Knowledge Management team to update docs.

Topic		Replies	Views
OIDC Issuer URL IP Address Migration Knowledge Articles	1	591	October 5, 2023
Can the Issuer URL for OIDC Connections Have a Wildcard In the Path? Knowledge Articles	1	692	October 19, 2023
Custom OIDC Enterprise Connection Get Help connections , oidc-enterprise-connection	0	785	February 9, 2024
Changing issuer in Auth0 SAML enterprise connection Get Help saml	5	3340	February 22, 2023
Enterprise Connection config issue Get Help connections , oidc-enterprise-connection	0	730	September 17, 2023

Can't change issuer URL for OIDC enterprise connection

Related topics