Replies: 2 comments
-
after some debugging, removed prefixed proxy but still it is failing to login. |
Beta Was this translation helpful? Give feedback.
0 replies
-
figured this out. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I am trying to run the directus app behind a proxy with a prefix because the user access domain
is shared with the other tools and because we want to use https for the frontend.
For example,
httpS://domainA/cms/* => goes to http://directus_app
httpS://domainA/other/* => goes to something else
after configuring the nginx as a reverse proxy for directus docker containers like below, everything seems working except for the Okta integration.
Because the same exact okta clientID x Secret works if I use a endpoint without https + /cms prefix, it's either related to having the ssl endpoint or having additional path at the proxy layer but the call below fails with "invalid_grant" error AFTER Okta's authentication passes (so from Okta perspective, authentication has no error).
As you can see, I am successfully getting the state and code from okta but the last callback request is returned with invalid_grant and it redirects me to
/cms/admin/#/?code=-1&error=1
.Okta doesn't have any detailed logs so I am not sure how the mismatch ending up with invalid_grant error is happening here.
What exactly
/_/auth/sso/okta/callback?code=xxx&state=xxxx
endpoint is doing?I suppose it's calling Okta API to validate the code & the state but is there any way for me to trace the http request logs to okta API from the application logs?
As asked in https://github.com/directus/docker/issues/117, I cannot get anything other than the error stack and having a hard time to find a workaround for this set up.
Beta Was this translation helpful? Give feedback.
All reactions