OIDC Authentication using Okta Authorization Server URL

### Expected behaviour

Successful OIDC authentication when using an Okta Authorization Server API URL (`https://{{okta-domain}}/oauth2/{{authorization-server-id}}`) instead of the default API URL (`https://{{okta-domain}}/oauth2`). This behaviour is consistent with current [documentation](https://python-social-auth.readthedocs.io/en/latest/backends/okta.html). This issue is to request support for Okta Authorization Servers.

### Actual behaviour

When trying to authenticate using OIDC, a `Signature verification failed` exception is thrown in `social_core/backends/open_id_connect.py`. Okta logs show `successful app.oauth2.as.token.grant.access_token` and `successful app.oauth2.as.token.grant.id_token` for the same authentication event.

### What are the steps to reproduce this issue?

1. Configure an Okta Authorization Server (Security > API)
2. Use the generated Authorization Server URI as the authentication endpoint
3. Attempt to authenticate (exception thrown)
4. Use the default URI as the authentication endpoint
5. Attempt to authenticate (successful)

### Any logs, error output, etc?

Exception traceback:
```
/opt/netbox/venv/lib/python3.11/site-packages/social_core/actions.py, line 49, in do_complete
        user = backend.complete(user=user, redirect_name=redirect_name, *args, **kwargs)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 

/opt/netbox/venv/lib/python3.11/site-packages/social_core/backends/base.py, line 39, in complete
        return self.auth_complete(*args, **kwargs)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 

/opt/netbox/venv/lib/python3.11/site-packages/social_core/utils.py, line 253, in wrapper
            return func(*args, **kwargs)
                        ^^^^^^^^^^^^^^^^^^^^^ 

/opt/netbox/venv/lib/python3.11/site-packages/social_core/backends/oauth.py, line 418, in auth_complete
        response = self.request_access_token(
                        
/opt/netbox/venv/lib/python3.11/site-packages/social_core/backends/open_id_connect.py, line 254, in request_access_token
        self.id_token = self.validate_and_return_id_token(
                             
/opt/netbox/venv/lib/python3.11/site-packages/social_core/backends/open_id_connect.py, line 214, in validate_and_return_id_token
            raise AuthTokenError(self, "Signature verification failed")
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
```

### Any other comments?

This appears to be related/similar to issues [662](https://github.com/python-social-auth/social-core/issues/662) and [663](https://github.com/python-social-auth/social-core/issues/663)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

OIDC Authentication using Okta Authorization Server URL #892

Expected behaviour

Actual behaviour

What are the steps to reproduce this issue?

Any logs, error output, etc?

Any other comments?

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

OIDC Authentication using Okta Authorization Server URL #892

Description

Expected behaviour

Actual behaviour

What are the steps to reproduce this issue?

Any logs, error output, etc?

Any other comments?

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions