V15 Users External Provider with OIDC

Hello there fellow Umbraquians (Umbracians, Umbafellows?),

I’m trying to get my Umbraco v15 integrated with an external provider (Okta) to have SSO for Umbraco itself.

I’ve followed the documentation for the static extension class (since I don’t need to have it injected in the DI), but after successfully logging in to Okta, I’m redirected to the Umbraco login screen and my URL has this:

/umbraco/login?ReturnUrl=/umbraco/management/api/v1/security/back-office/authorize?redirect_uri=https://localhost:44317/umbraco/oauth_complete&client_id=umbraco-back-office&response_type=code&state=[STATE]&scope=offline_access&prompt=consent&access_type=offline&identity_provider=Umbraco.OpenIdConnect&code_challenge=[CODE_CHALLENGE]&code_challenge_method=S256

My code is currently somewhat default… My “OpenIdConnectExternalLoginOptions” class is the same as in the documentation and my extension is like this:

public static IUmbracoBuilder AddOpenIdConnectAuthentication(this IUmbracoBuilder builder)
{
    builder.Services.ConfigureOptions<OpenIdConnectExternalLoginOptions>();

    builder.AddBackOfficeExternalLogins(logins =>
    {
        logins.AddBackOfficeLogin(
            backOfficeAuthenticationBuilder =>
            {
                var schemeName = BackOfficeAuthenticationBuilder.SchemeForBackOffice(OpenIdConnectExternalLoginOptions.SchemeName);

                ArgumentNullException.ThrowIfNull(schemeName);

                backOfficeAuthenticationBuilder.AddOpenIdConnect(
                    schemeName,
                    options =>
                    {
                        var config = builder.Config;
                        options.Authority = config["Okta:Domain"];
                        options.ClientId = config["Okta:ClientId"];
                        options.ClientSecret = config["Okta:ClientSecret"];
                        
                        options.GetClaimsFromUserInfoEndpoint = true;
                        options.TokenValidationParameters.NameClaimType = "name";

                        options.Scope.Add("email");
                        options.Scope.Add("profile");
                        options.Scope.Add("openid");
                    });
            });
    });

    return builder;
}

Has anyone successfully integrated with Okta or has some insights to share? 🙂

Thank you!
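
Added example, not part of the original post or of Umbraco's code: one way to see where the flow described above stops between the Okta callback and the back-office login screen is to log the ASP.NET Core OpenID Connect handler events. `OidcDiagnostics` and `AttachDiagnostics` are hypothetical names; only claim types are logged, never token or claim values.

```csharp
using System.Linq;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;

// Added example: hypothetical helper, not from the post or from Umbraco.
public static class OidcDiagnostics
{
    private static ILogger Log(HttpContext http) =>
        http.RequestServices.GetRequiredService<ILoggerFactory>().CreateLogger("OidcDiagnostics");

    // Call as options.AttachDiagnostics() inside the AddOpenIdConnect(...) options lambda.
    public static void AttachDiagnostics(this OpenIdConnectOptions options)
    {
        var events = options.Events;
        // Keep any handlers that were already registered and chain to them.
        var onRemoteFailure = events.OnRemoteFailure;
        var onAuthFailed = events.OnAuthenticationFailed;
        var onTokenValidated = events.OnTokenValidated;
        var onTicketReceived = events.OnTicketReceived;

        // The provider callback was rejected (error response, state or correlation failure).
        events.OnRemoteFailure = async ctx =>
        {
            Log(ctx.HttpContext).LogError(ctx.Failure, "OIDC remote failure on {Path}", ctx.Request.Path);
            await onRemoteFailure(ctx);
        };
        // Token or protocol validation threw inside the handler.
        events.OnAuthenticationFailed = async ctx =>
        {
            Log(ctx.HttpContext).LogError(ctx.Exception, "OIDC authentication failed");
            await onAuthFailed(ctx);
        };
        // The ID token validated: record which claim types arrived, not their values.
        events.OnTokenValidated = async ctx =>
        {
            var types = ctx.Principal?.Claims.Select(c => c.Type).Distinct() ?? Enumerable.Empty<string>();
            Log(ctx.HttpContext).LogInformation("OIDC token validated, claim types: {Types}", string.Join(", ", types));
            await onTokenValidated(ctx);
        };
        // The external ticket was created: the handler will now redirect to ReturnUri.
        events.OnTicketReceived = async ctx =>
        {
            Log(ctx.HttpContext).LogInformation("OIDC ticket received, returning to {ReturnUri}", ctx.ReturnUri);
            await onTicketReceived(ctx);
        };
    }
}
```

If the ticket-received line is logged and the browser still lands on `/umbraco/login`, the OIDC handshake itself completed and the next place to look is what happens after the external sign-in.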