
I am trying to integrate the Okta App Centre with Azure AD B2C. This would involve a SPA App as well as a Mobile App that would hopefully be able to use the Context from the Okta App Centre to directly sign the User in and follow the User Journey as if they had clicked a sign in button. I am using Custom Policies.

I have set up an OpenIdConnect App Integration on the Okta side and it is working to sign in a user into B2C. On the Okta App sign in uri, I am using a domain_hint to use the Okta sign in path "invisibly" as well as passing a redirect_uri so that the sign in redirects to the SPA App.

This works, but I'm just wondering if overall this is the best way to accomplish this. I saw a mention in another Stack Overflow question of using an SP-Initiated flow using SAML instead. One issue I noticed with this approach potentially is that the Sign In link for the App has a limit of 255 characters on the Okta side, which is not long enough to build the sign in URL I would need for the SPA. Would the SP-Initiated flow be a better experience though? I'm just trying to figure out how I would include the redirect_uri as well as the scopes in the initial SAML sign in request, both of which make for a long initial sign in URL (I wonder if I am missing something).
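One way to stay on the OpenID Connect path while keeping the Okta App Centre link under the 255-character limit, as an added example (not code from the question or from Okta or Microsoft): the Okta link points at a short SPA route carrying only an IdP hint, and the SPA builds the B2C authorize request itself, so state, nonce and PKCE are fresh per request rather than frozen into a static link. The tenant name, policy name, client id, SPA origin and the domain_hint value "okta" are assumed placeholders; the domain_hint value must match the Domain configured on the Okta claims provider in the custom policy.

```javascript
// Added example, not from the question's author. All names below are placeholders.
const B2C_TENANT = 'contoso';                              // assumed tenant name
const POLICY = 'B2C_1A_signup_signin';                     // assumed custom policy id
const CLIENT_ID = '11111111-2222-3333-4444-555555555555';  // assumed app registration
const SPA_ORIGIN = 'https://spa.example.com';              // assumed SPA origin
const OKTA_APP_LINK_LIMIT = 255; // sign-in link limit the question mentions

// The static link stored in the Okta App Centre: short, carries only an IdP hint.
function oktaAppSignInLink() {
  const u = new URL('/login', SPA_ORIGIN);
  u.searchParams.set('idp', 'okta');
  return u.toString();
}

function fitsOktaAppLink(url) {
  return url.length <= OKTA_APP_LINK_LIMIT;
}

// Built by the SPA at runtime from the hint, with per-request state/nonce/PKCE.
function buildB2cAuthorizeUrl({ idp, scopes, state, nonce, codeChallenge }) {
  const url = new URL(
    `https://${B2C_TENANT}.b2clogin.com/${B2C_TENANT}.onmicrosoft.com/${POLICY}/oauth2/v2.0/authorize`
  );
  const p = url.searchParams;
  p.set('client_id', CLIENT_ID);
  p.set('response_type', 'code');                     // auth code + PKCE for a SPA
  p.set('response_mode', 'query');
  p.set('redirect_uri', `${SPA_ORIGIN}/callback`);    // must exactly match a registered reply URL
  p.set('scope', scopes.join(' '));
  p.set('state', state);                              // bound to the browser session; checked on return
  p.set('nonce', nonce);                              // echoed in the id_token; checked on return
  p.set('code_challenge', codeChallenge);
  p.set('code_challenge_method', 'S256');
  if (idp === 'okta') p.set('domain_hint', 'okta');   // B2C skips its picker and goes to the Okta claims provider
  return url.toString();
}

// Callback check before the code is exchanged: reject errors and state mismatches.
function checkCallback(callbackUrl, expectedState) {
  const p = new URL(callbackUrl).searchParams;
  if (p.get('error')) return { ok: false, reason: p.get('error') };
  if (p.get('state') !== expectedState) return { ok: false, reason: 'state mismatch' };
  if (!p.get('code')) return { ok: false, reason: 'missing code' };
  return { ok: true, code: p.get('code') };
}
```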

  • I don’t see any reason to switch from openid to SAML, you’re over complicating things by moving to SAML. In SAML, the SAML request contains the assertion consumer service url (redirect uri) and the RP metadata contains it also (for IdP initiated). – Jas Suri - MSFT May 03 '22 at 08:08
  • Just the person I was hoping would reply as the other Stack Overflow I mentioned was responded to by you :). Thank you @JasSuri-MSFT for confirming! I will continue with the OpenId path and am glad to hear you say switching to SAML would be overcomplicating things, it certainly felt that way. – Philip Young May 03 '22 at 15:52
