Comments (10)
from okta-react-graphql-example.
Appreciate it.
Just if anyone is hitting their heads against the wall, I am referring to this documentation to troubleshoot.
https://medium.com/@mateioprea/setting-up-a-react-app-with-react-router-in-iis-71cb86aee376
I haven't been able to get it working yet, but I believe this is what my problem is.
If you leave this bug open, I will post solution once I get it up and running.
from okta-react-graphql-example.
Hey @mraible - I decided to ditch Windows Server and IIS and serve my app via Ubtuntu 16.04 w/ Nginx as I hit too many roadblocks with IIS v6 and React.
I was able to get passed the aforementioned 404 error, but now i am getting a 400 error
Identity Provider: Unknown
Error Code: invalid_request
Description: The 'redirect_uri' parameter must be an absolute URI that is whitelisted in the client app settings.
The response URL coming back is
https://{oktaURL}.oktapreview.com/oauth2/default/v1/authorize?client_id={clientID}&redirect_uri=http%3A%2F%2F{ipAddressOfNGNIXServer}%2Fimplicit%2Fcallback&response_type=id_token%20token&response_mode=fragment&state={stateValue}nonce={nonce}sessionToken={sessionToken}&scope=openid%20email%20profile
I took your advice from your last suggestion and used Nginx, to redirect all requests back to index.html. Here is my Nginx sites-enabled
server {
listen 80
default_server;
server_name /var/www/html;
root /var/www/html;
index index.html index.htm;
location ~* \.(?:manifest|appcache|html?|xml|json)$ {
expires -1;
# access_log logs/static.log; # I don't usually include a static log
}
location ~* \.(?:css|js)$ {
try_files $uri =404;
expires 1y;
access_log off;
add_header Cache-Control "public";
}
# Any route containing a file extension (e.g. /devicesfile.js)
location ~ ^.+\..+$ {
try_files $uri =404;
}
# Any route that doesn't have a file extension (e.g. /devices)
location / {
try_files $uri $uri/ /index.html;
root /var/www/html/static;
}
}
And I have added the NGNIX server to the trusted origins http://1.1.1.1/
My App.js code
function onAuthRequired({history}) {
history.push('/login');
}
class App extends Component {
render() {
return (
<Router>
<Security issuer='https://dev-XXXXXX.oktapreview.com/oauth2/default'
client_id='{clientID}'
redirect_uri={window.location.origin + '/implicit/callback'}
onAuthRequired={onAuthRequired}>
<Route path='/' exact={true} component={Home}/>
<SecureRoute path='/points' component={Points}/>
<SecureRoute path='/clients' component={Clients}/>
<SecureRoute path='/reporting' component={Reporting}/>
<Route path='/login' render={() => <Login baseUrl='https://dev-XXXXXX.oktapreview.com'/>}/>
<Route path='/implicit/callback' component={ImplicitCallback}/>
</Security>
</Router>
);
}
}
I think i've provided everything I can to troubleshoot, please let me know if you need any clarification or anymore information.
Any and all help would be greatly appreciated. I've troubleshoot this and have read all your tutorials and troubleshooting tips, and am still getting this 400 error. This has been over a week of trying to get this deployed to a production environment, again any help would be greatly appreciated.
from okta-react-graphql-example.
from okta-react-graphql-example.
Here is the redirect_uri from the address bar with everything but redirect_uri removed
https://dev-{devID}.oktapreview.com/oauth2/default/v1/authorize?client_id={clientID}&redirect_uri=http%3A%2F%2F10.10.1.57%2Fimplicit%2Fcallback&response_type=id_token%20token&response_mode=fragment&state={state}&nonce={nonce}&sessionToken={sessionToken}&scope=openid%20email%20profile
And here is the screenshot from the app settings
As you can see I have a local ubuntu 16.04 machine running Nginx on port 10.10.1.57
I have the redirect_uri set to http://10.10.1.57/implicit/callback/
and that is the same redirect_uri that is coming back above. (minus the unicode)
I just tested with the /implicit/callback
removed and it also didn't work.
Am I missing something? Do I need DNS resolution from a domain? I would think the IP address would work.
from okta-react-graphql-example.
from okta-react-graphql-example.
Hmm that is embarrassing.
Let me try and fix that and ill let ya know.
Thanks for your continued support.
from okta-react-graphql-example.
Hey Matt,
Just wanted to update you and this ticket. And provide an update to serve as a deployment guide for people trying to get this app onto a production server. Down to my last bug.
Frontend React Server
I was able to get an Ubuntu Server, running NGINX to serve the React Frontend. To deploy said frontend, I used the following guide to help.
https://codeburst.io/how-to-setup-nginx-for-react-a504f38f95ed
I have my login_redirect_uri set to http://my.domain.com/implicit/callback
And I have the domain added to my trusted origins http://my.domain.com/
After configuring the above, I was able to log into through corporate using Two Factor Authentication Enabled.
The above setup worked for my okta dev account, using one factor authentication, and also for my corporate production environment using two factor authentication.
Backend GraphQL Server
I deployed this box on the same Ubuntu Box. In order to serve the graphQL, I used pm2 using the command pm2 start npm -- start
When I ran this with my dev server, everything worked without a hitch. I finally have a working developer environment deployed to my production environment.
The above guide should be able to get this Application deployed on a working server.
Question
My last hurdle I am facing is cutting over my GraphQL backend to production environment.
I updated my clientID to be that of my corporations application (the same one that works in the frontend)
I also updated the issuer to match that of the frontend.
I've tried
http://my.domain.com/
http://my.domain.com/oauth2/
http://my.domain.com/oauth2/v1/
http://my.domain.com/oauth2/v1/authorize
http://my.domain.com/oauth2/default
The ones that don't return 404 errors, are giving me the following error
name: 'JwtParseError',
userMessage: 'Error while resolving signing key for kid ""',
However the parsedBody in the debug information has all the right corporate information.
Is it because my corp is forcing two factor authentication? I get the prompt on the frontend and successfully authenticate past it. However the GraphQL backend constantly fails with a JWT Parse Error complaining about the signing key.
There was also one failure that resulted in
"errorCode": "E0000015",
"errorSummary": "You do not have permission to access the feature you are requesting",
Should I maybe try to use an auth token rather than using the clientID? Will that bypass the two factor authentication?
Is the two factor authentication causing these errors? Is there anything I can do to resolve this?
As I said, my corporation forces two factor for OKTA logins, I don't think I will be able to turn them off.
from okta-react-graphql-example.
from okta-react-graphql-example.
Closing since this is not an open issue related to this repo or its blog post.
from okta-react-graphql-example.
Related Issues (2)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from okta-react-graphql-example.