Found my issue. Documentation could use a little clarity. While it states the API URL should be:
This has subsequently had the ‘/v1/authorize’ removed. In productive deployments, this will likely resemble:
https://{company}.okta.com/oauth2/{authServerId}/
The source library documentation states:
https://python-social-auth.readthedocs.io/en/latest/backends/okta.html
Please note, do not use the /oauth2/default endpoint for Okta authentication:
“default” is the API authServerID that comes with Okta. Usually OIDC clients have no issues using it. So when configuring Galaxy oidc_config.xml and oidc_backend_config.xml, instead of https://{company}.okta.com/oauth2/{authServerId}/ use https://${company}.okta.com/oauth2/
cheers!
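
A pre-flight check for the API URL described in the post above, as an added example that is not part of the original post and is not Galaxy or python-social-auth code. The function name `check_okta_api_url`, the `example.okta.com` host and the `aus123example` server id are constructed for illustration.

```python
from urllib.parse import urlsplit, urljoin

# Endpoint paths that belong to the client library, not to the configured base URL.
ENDPOINT_SUFFIXES = ("/v1/authorize", "/v1/token", "/v1/userinfo")


def check_okta_api_url(raw):
    """Return (normalised_base, authorize_endpoint, warnings) for a configured API URL."""
    warnings = []
    parts = urlsplit(raw.strip())
    if parts.scheme != "https":
        warnings.append("scheme is not https")

    # Strip an endpoint path that was pasted into the base URL by mistake.
    path = parts.path.rstrip("/")
    for suffix in ENDPOINT_SUFFIXES:
        if path.endswith(suffix):
            warnings.append(f"remove '{suffix}' from the API URL")
            path = path[: -len(suffix)]
            break

    # Accept only the two shapes the post mentions:
    # /oauth2/ and /oauth2/{authServerId}/
    segments = [s for s in path.split("/") if s]
    if not segments or segments[0] != "oauth2" or len(segments) > 2:
        warnings.append("path should be /oauth2/ or /oauth2/{authServerId}/")
    elif len(segments) == 2 and segments[1] == "default":
        warnings.append("uses the 'default' authorization server")

    # Keep a trailing slash so that joining a relative endpoint path
    # appends to the base instead of replacing its last segment.
    base = f"{parts.scheme}://{parts.netloc}{path}/"
    return base, urljoin(base, "v1/authorize"), warnings


if __name__ == "__main__":
    # Constructed sample values, one per case discussed in the post.
    samples = [
        "https://example.okta.com/oauth2/v1/authorize",
        "https://example.okta.com/oauth2/aus123example/v1/authorize",
        "https://example.okta.com/oauth2/default/",
        "https://example.okta.com/oauth2/",
    ]
    for s in samples:
        base, authorize, warns = check_okta_api_url(s)
        print(f"{s}\n  base: {base}\n  authorize: {authorize}\n  warnings: {warns}")
```
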