For some reason I am sometimes seeing incorrect behavior in the Enterprise Connection Self-serve flow, specifically when managing Custom OIDC connections. I am seeing different behavior between two customers’ Custom OIDC connections, so this is not behavior that I’m seeing across the board. I am looking at two Custom OIDC connections, both have “front channel” Communication Channel saved. One connection has the behavior I would expect, which is that when I edit it using the Self-serve flow that I see “Front Channel” radio button selected. However in another OIDC connection, when I go through the Self-serve edit flow it always loads with “Back Channel” radio button selected even though when I view that connection while logged into the Auth0 Admin I see it correctly saved with “Front Channel”. I don’t know why one is working correctly and the other not.
I am attaching screenshots of the same connection’s configurations both in the Auth0 admin, and in the Self-serve edit flow.
Admin Screen:
Self-serve Edit Flow:
Hi @neal.ferrazzani,
I managed to reproduce the same behavior you shared, only when I selected Back Channel without having a Client Secret configured for a new OIDC connection.
If this is true, then regardless of the edits made in the self service SSO flow, they would not get updated on the Dashboard.
What’s more, if you try to do the same on the Dashboard without configuring the Client Secret for Back Channel, it displays an error message mentioning this, which doesn’t happen on the self service SSO flow.
Given that, I recommend ensuring that the OIDC connection has all the required fields filled in so that it can be updated accordingly through the self-service SSO flow.
I hope this helps!
Best regards,
Rueben
Thanks for your attention on this, Ruben, however I don’t think I made myself clear. What I am seeing is that sometimes even though an OIDC connection is verifiably saved in our tenant with “Front Channel” selected, when our customer goes again to the Self-Service flow it shows up to the user in the Self-Serve UI as having “Back Channel” selected (as pictured in the screenshot).
Steps to reproduce on my end:
- Click “Add new SSO” (which generates a Self-Serve ticket link)
- Click the Self-Serve ticket link
- Add new Custom OIDC Enterprise Connection via the Self-Serve flow. Select “Front Channel” communication.
- Start over in our UI, this time selecting “Edit” on the existing OIDC SSO connection.
- Click through the Self-Serve ticket link into the Auth0 Enterprise Self-Serve Flow. When the page loads, see that “Back Channel” is showing as selected even though the same connection shows up in the Auth0 Admin as correctly saved with “Front Channel.”
Hi @neal.ferrazzani,
Thanks for the reply and clarification.
I have followed your latest reproduction steps and cannot restart a new self serve SSO ticket flow because I am prompted to request a new ticket to proceed. This seems to happen on Step 4, where I retried starting over in the UI.
However, when I specify the connection_id
of my latest connection I created earlier with front-channel selected through creating a new SSO access ticket, I noticed that the back channel was selected instead of the front channel.
Since this is not reflecting the correct setup I configured during the creation of the new connection, I will pass this information to our Engineering team to look into further.
In the meantime, I recommend re-selecting the front-channel radio button before proceeding, as a temporary workaround.
Once I have more information about this issue, I will update this thread.
Kind regards,
Rueben
Thanks Ruben. Unfortunately though, the Self Service SSO flow is end user facing, so it can’t be worked around. It’s just confusing to our customers.
Hi @neal.ferrazzani,
Thanks for that information.
In this case, allow me some time to follow up with our Engineering team on this.
Once I have an update, I will follow up on this thread.
Cheers,
Rueben