I’m getting an error message when trying to authenticate with Okta via OpenID.
Here’s the error:
Here’s (most of) my application.yaml:
proxy:
title: Mysite
landing-page: /
heartbeat-rate: 10000
heartbeat-timeout: 60000
port: 8080
admin-groups: developers
container-wait-time: 200000
hide-navbar: true
authentication: openid
openid:
auth-url: https://mysubdomain.okta.com/oauth2/v1/authorize
token-url: https://mysubdomain.okta.com/oauth2/v1/token
jwks-url: https://mysubdomain.okta.com/oauth2/v1/keys
client-id: hidden
client-secret: hidden
logout-url: https://mysubdomain.okta.com/oauth2/logout
specs:
- id: abc123
display-name: My project
container-cmd: ["R", "-e", "shiny::runApp('/root/app')"]
container-image: eu.gcr.io/myproject/afolder/image
access-groups: [developers]
server:
useForwardHeaders: true #Using Nginx with SSL
My SSO guy thinks the login redict URIs (and Initiate login URI) might be wrong (defined on Okta). Both are https://prefix.mydomain.com/login/oauth2/code/shinyproxy
I noticed a Github issue discussing the following fields - is it anything to do with them?:
roles-claim: ***
scopes: ["openid","profile"]
username-attribute: name
Any tips very welcome. Thank you in advance!