🐛 Bug Report: Unknown auth provider 'okta' #27964

synackSA · 2024-12-02T20:03:55Z

📜 Description

Providing a clientSecret for the okta auth provider results in an error Unknown auth provider 'okta'.

👍 Expected behavior

Connect to Okta for Authentication

👎 Actual Behavior with Screenshots

Get the following error

{
  "error": {
    "name": "NotFoundError",
    "message": "Unknown auth provider 'okta'",
    "stack": "NotFoundError: Unknown auth provider 'okta'\n <trace details>"
  },
  "request": {
    "method": "GET",
    "url": "/api/auth/okta/<redacted>/oauth2/v1/authorize?response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A7007%2Fapi%2Fauth%2Fokta%2Fhandler%2Fframe&scope=openid%20email%20profile%20offline_access&state=<redacted>&client_id=<redacted>"
  },
  "response": {
    "statusCode": 404
  }
}

👟 Reproduction steps

Create a new app with the following command npx @backstage/create-app
Add Okta provider via yarn with command yarn --cwd packages/backend add @backstage/plugin-auth-backend-module-okta-provider
Add Okta provider import to packages/backend/src/index.ts - backend.add(import('@backstage/plugin-auth-backend-module-okta-provider'));
Update frontend with correct Okta sign in button

import { oktaAuthApiRef } from '@backstage/core-plugin-api';

const app = createApp({
  // Other stuff
  components: {
    SignInPage: props => (<SignInPage {...props} auto providers={['guest', 
      {
        id: 'okta-auth-provider',
        title: 'Okta',
        message: 'Sign in using Okta',
        apiRef: oktaAuthApiRef,
      }
    ]} />),
  },
});

Copy & Paste Okta provider config from Backstage Docs, remove all Optional fields: https://backstage.io/docs/auth/okta/provider/#configuration

auth:
  environment: development
  providers:
    okta:
      development:
        clientId: ${AUTH_OKTA_CLIENT_ID}
        clientSecret: ${AUTH_OKTA_CLIENT_SECRET}
        audience: ${AUTH_OKTA_DOMAIN}
        signIn:
          resolvers:
            - resolver: emailMatchingUserEntityAnnotation

Run app with NODE_ENV=development yarn dev
Once app has fully started, click on Okta sign in button
A popup should appear with an error stating Auth provider registered for 'okta' is misconfigured.. This is expected, since the ENV variables result in blanks strings.
Kill the app
Update config, replacing all ENV variables with testing123

auth:
  environment: development
  providers:
    okta:
      development:
        clientId: testing123
        clientSecret: testing123
        audience: testing123
        signIn:
          resolvers:
            - resolver: emailMatchingUserEntityAnnotation

Run app again with command NODE_ENV=development yarn dev
Once app has fully started, click on Okta sign in button
A popup should appear with an error stating Unknown auth provider 'okta', This is unexpected, as it should have reached out to Okta in an attempt to open up the Okta sign in page.
Kill the app
Update the config, removing the clientSecret field value (set it to blank string)

auth:
  environment: development
  providers:
    okta:
      development:
        clientId: testing123
        clientSecret: 
        audience: testing123
        signIn:
          resolvers:
            - resolver: emailMatchingUserEntityAnnotation

Run app again with command NODE_ENV=development yarn dev
Once app has fully started, click on Okta sign in button
A popup should appear with an error stating Auth provider registered for 'okta' is misconfigured.. This is expected, since the clientSecret field is blank, and not configured.

As you can see from this flow, providing a clientSecret seemingly breaks the Okta auth provider for some reason. No error or warning logs of any kind are created, even when running the all with LOG_LEVEL=debug.

📃 Provide the context for the Bug.

N/A

🖥️ Your Environment

$ yarn backstage-cli info
OS:   Darwin 23.5.0 - darwin/x64
node: v20.17.0
yarn: 4.4.1
cli:  0.29.2 (installed)
backstage:  1.33.0

Dependencies:
  @backstage/app-defaults                                          1.5.14
  @backstage/backend-app-api                                       1.0.2
  @backstage/backend-common                                        0.25.0
  @backstage/backend-defaults                                      0.5.3
  @backstage/backend-dev-utils                                     0.1.5
  @backstage/backend-openapi-utils                                 0.3.0
  @backstage/backend-plugin-api                                    1.0.2
  @backstage/catalog-client                                        1.8.0
  @backstage/catalog-model                                         1.7.1
  @backstage/cli-common                                            0.1.15
  @backstage/cli-node                                              0.2.10
  @backstage/cli                                                   0.29.2
  @backstage/config-loader                                         1.9.2
  @backstage/config                                                1.3.0
  @backstage/core-app-api                                          1.15.2
  @backstage/core-compat-api                                       0.3.3
  @backstage/core-components                                       0.16.1
  @backstage/core-plugin-api                                       1.10.1
  @backstage/e2e-test-utils                                        0.1.1
  @backstage/errors                                                1.2.5
  @backstage/eslint-plugin                                         0.1.10
  @backstage/frontend-app-api                                      0.10.2
  @backstage/frontend-defaults                                     0.1.3
  @backstage/frontend-plugin-api                                   0.9.2
  @backstage/frontend-test-utils                                   0.2.3
  @backstage/integration-aws-node                                  0.1.13
  @backstage/integration-react                                     1.2.1
  @backstage/integration                                           1.15.2
  @backstage/plugin-api-docs                                       0.12.1
  @backstage/plugin-app-backend                                    0.4.2
  @backstage/plugin-app-node                                       0.1.27
  @backstage/plugin-app                                            0.1.3
  @backstage/plugin-auth-backend-module-atlassian-provider         0.3.2
  @backstage/plugin-auth-backend-module-auth0-provider             0.1.2
  @backstage/plugin-auth-backend-module-aws-alb-provider           0.3.0
  @backstage/plugin-auth-backend-module-azure-easyauth-provider    0.2.2
  @backstage/plugin-auth-backend-module-bitbucket-provider         0.2.2
  @backstage/plugin-auth-backend-module-bitbucket-server-provider  0.1.2
  @backstage/plugin-auth-backend-module-cloudflare-access-provider 0.3.2
  @backstage/plugin-auth-backend-module-gcp-iap-provider           0.3.2
  @backstage/plugin-auth-backend-module-github-provider            0.2.2
  @backstage/plugin-auth-backend-module-gitlab-provider            0.2.2
  @backstage/plugin-auth-backend-module-google-provider            0.2.2
  @backstage/plugin-auth-backend-module-guest-provider             0.2.2
  @backstage/plugin-auth-backend-module-microsoft-provider         0.2.2
  @backstage/plugin-auth-backend-module-oauth2-provider            0.3.2
  @backstage/plugin-auth-backend-module-oauth2-proxy-provider      0.2.2
  @backstage/plugin-auth-backend-module-oidc-provider              0.3.2
  @backstage/plugin-auth-backend-module-okta-provider              0.1.2
  @backstage/plugin-auth-backend-module-onelogin-provider          0.2.2
  @backstage/plugin-auth-backend                                   0.24.0
  @backstage/plugin-auth-node                                      0.5.4
  @backstage/plugin-auth-react                                     0.1.9
  @backstage/plugin-bitbucket-cloud-common                         0.2.25
  @backstage/plugin-catalog-backend-module-logs                    0.1.4
  @backstage/plugin-catalog-backend-module-scaffolder-entity-model 0.2.2
  @backstage/plugin-catalog-backend                                1.28.0
  @backstage/plugin-catalog-common                                 1.1.1
  @backstage/plugin-catalog-graph                                  0.4.13
  @backstage/plugin-catalog-import                                 0.12.7
  @backstage/plugin-catalog-node                                   1.14.0
  @backstage/plugin-catalog-react                                  1.14.2
  @backstage/plugin-catalog                                        1.25.1
  @backstage/plugin-events-node                                    0.4.5
  @backstage/plugin-kubernetes-backend                             0.19.0
  @backstage/plugin-kubernetes-common                              0.9.0
  @backstage/plugin-kubernetes-node                                0.2.0
  @backstage/plugin-kubernetes-react                               0.5.1
  @backstage/plugin-kubernetes                                     0.12.1
  @backstage/plugin-org                                            0.6.33
  @backstage/plugin-permission-backend-module-allow-all-policy     0.2.2
  @backstage/plugin-permission-backend                             0.5.51
  @backstage/plugin-permission-common                              0.8.2
  @backstage/plugin-permission-node                                0.8.5
  @backstage/plugin-permission-react                               0.4.28
  @backstage/plugin-proxy-backend                                  0.5.8
  @backstage/plugin-scaffolder-backend-module-azure                0.2.3
  @backstage/plugin-scaffolder-backend-module-bitbucket-cloud      0.2.3
  @backstage/plugin-scaffolder-backend-module-bitbucket-server     0.2.3
  @backstage/plugin-scaffolder-backend-module-bitbucket            0.3.4
  @backstage/plugin-scaffolder-backend-module-gerrit               0.2.3
  @backstage/plugin-scaffolder-backend-module-gitea                0.2.3
  @backstage/plugin-scaffolder-backend-module-github               0.5.3
  @backstage/plugin-scaffolder-backend-module-gitlab               0.6.2
  @backstage/plugin-scaffolder-backend                             1.27.2
  @backstage/plugin-scaffolder-common                              1.5.7
  @backstage/plugin-scaffolder-node                                0.6.1
  @backstage/plugin-scaffolder-react                               1.14.1
  @backstage/plugin-scaffolder                                     1.27.1
  @backstage/plugin-search-backend-module-catalog                  0.2.5
  @backstage/plugin-search-backend-module-pg                       0.5.38
  @backstage/plugin-search-backend-module-techdocs                 0.3.3
  @backstage/plugin-search-backend-node                            1.3.5
  @backstage/plugin-search-backend                                 1.7.0
  @backstage/plugin-search-common                                  1.2.15
  @backstage/plugin-search-react                                   1.8.3
  @backstage/plugin-search                                         1.4.20
  @backstage/plugin-signals-react                                  0.0.7
  @backstage/plugin-techdocs-backend                               1.11.3
  @backstage/plugin-techdocs-common                                0.1.0
  @backstage/plugin-techdocs-module-addons-contrib                 1.1.18
  @backstage/plugin-techdocs-node                                  1.12.14
  @backstage/plugin-techdocs-react                                 1.2.11
  @backstage/plugin-techdocs                                       1.11.2
  @backstage/plugin-user-settings-common                           0.0.1
  @backstage/plugin-user-settings                                  0.8.16
  @backstage/release-manifests                                     0.0.11
  @backstage/test-utils                                            1.7.2
  @backstage/theme                                                 0.6.2
  @backstage/types                                                 1.2.0
  @backstage/version-bridge                                        1.0.10

👀 Have you spent some time to check if this bug has been raised before?

I checked and didn't find similar issue

🏢 Have you read the Code of Conduct?

I have read the Code of Conduct

Are you willing to submit PR?

No, I don't have time to work on this right now

The text was updated successfully, but these errors were encountered:

synackSA · 2024-12-02T21:02:44Z

Also, just to be clear, I have actually tried with the correct credentials from Okta in place of testing123, but I still get the same result.

Rugvip · 2024-12-05T10:21:27Z

The audience option is important, if you set it to something like testing123 it'll be treated as a relative URL and result in a 404 since something like testing123/oauth2/v1/authorize?... doesn't exist. Try configuring a real audience that points to your Okta server, or leave it as the default http://okta.com. The audience should not point to the Backstage instance.

synackSA · 2024-12-05T16:47:06Z

The audience option is important, if you set it to something like testing123 it'll be treated as a relative URL and result in a 404 since something like testing123/oauth2/v1/authorize?... doesn't exist. Try configuring a real audience that points to your Okta server, or leave it as the default http://okta.com. The audience should not point to the Backstage instance.

@Rugvip But it's not even getting to that part since it's not even finding the Okta provider (unlike when I have the secret blank, which it will then say that it's misconfigured). To be clear (as per my 2nd comment), I have tried this with the actual values that I get from setting up the App in Okta and the same thing still happens.

Rugvip · 2024-12-06T00:07:45Z

@synackSA It's getting past that point, because the error is from /api/auth/okta/<redacted>/oauth2/v1/authorize, which isn't a valid endpoint on the auth plugin. That or the frontend is trying to access that endpoint directly, which would also be an error.

synackSA added the bug Something isn't working label Dec 2, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

🐛 Bug Report: Unknown auth provider 'okta' #27964

🐛 Bug Report: Unknown auth provider 'okta' #27964

synackSA commented Dec 2, 2024

synackSA commented Dec 2, 2024

Rugvip commented Dec 5, 2024

synackSA commented Dec 5, 2024

Rugvip commented Dec 6, 2024

🐛 Bug Report: Unknown auth provider 'okta' #27964

🐛 Bug Report: Unknown auth provider 'okta' #27964

Comments

synackSA commented Dec 2, 2024

📜 Description

👍 Expected behavior

👎 Actual Behavior with Screenshots

👟 Reproduction steps

📃 Provide the context for the Bug.

🖥️ Your Environment

👀 Have you spent some time to check if this bug has been raised before?

🏢 Have you read the Code of Conduct?

Are you willing to submit PR?

synackSA commented Dec 2, 2024

Rugvip commented Dec 5, 2024

synackSA commented Dec 5, 2024

Rugvip commented Dec 6, 2024