I have an Auth0 SPA with an ExpressJS application that uses Google as the IdP, and we are adding support for Okta.
The Google login flow is working fine, but using Okta and following the instructions from the Auth0 docs, “Configure Okta SAML app integration”, we have issues.
The user has a button in the Okta dashboard that redirects to our login page: https://login.[APP_DOMAIN]/login/callback?connection=[CONNECTION]
If the user is not logged in already, then after the authentication process and its redirects are done, the user is redirected to:
https://[APP_DOMAIN]/authorize?code=[CODE]
without state, response_type, scope and other query params I see when connecting with Google, and the user gets the following message:
{"statusCode":400,"message":"state missing from the response"}
And indeed there is no state in the URL params.
If the user refreshes the page, the app is loaded normally and the user data is fetched as if everything is fine.
If the user was already authenticated before clicking the button in Okta’s dashboard, the flow works fine without error messages.
What needs to be done for the login flow with Okta IdP to work flawlessly, pass the state, and not end with the “state missing” error message?
Thanks,
Amit
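An added illustration, not part of the original post and not Auth0's or Okta's code: a generic OAuth-style state check showing why a callback that arrives with a code but no state is refused, since the application never started that login and has nothing to match it against. The function names, the session shape and the login.example.invalid URL are hypothetical, and restarting the login from the application when state is absent is one common handling, assumed here rather than taken from the post.

```javascript
const crypto = require("crypto");

// Hypothetical authorization endpoint (constructed placeholder).
const AUTHORIZE_URL = "https://login.example.invalid/authorize";

// App-initiated login: mint a one-time state, bind it to the user's session,
// and send it on the authorization request.
function startLogin(session) {
  const state = crypto.randomBytes(16).toString("hex");
  session.pendingState = state;
  const params = new URLSearchParams({
    response_type: "code",
    scope: "openid profile",
    state,
  });
  return { action: "redirect", location: `${AUTHORIZE_URL}?${params}` };
}

// Constant-time string comparison; lengths are checked first because
// timingSafeEqual throws on buffers of different length.
function safeEqual(a, b) {
  const x = Buffer.from(String(a));
  const y = Buffer.from(String(b));
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Callback handling: the code is only redeemed when the response carries
// the state this session issued.
function handleCallback(query, session) {
  const expected = session.pendingState;
  delete session.pendingState; // state is single use

  if (!query.state) {
    // Unsolicited response (for example a login started from the IdP
    // dashboard): do not redeem the code, start a fresh login instead.
    return startLogin(session);
  }
  if (!expected || !safeEqual(query.state, expected)) {
    return { action: "reject", status: 400, message: "state mismatch" };
  }
  return { action: "exchange_code", code: query.code };
}
```
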