My question is related to this older topic https://github.com/Azure/api-management-developer-portal/issues/208.
I want to set up Okta OAuth authentication from the Developer Portal. I believe there is still a bug regarding that ‘state’ parameter.
The ‘state’ parameter is not part of the request URL when requesting Authentication from the developer portal, even though I did tick “Support state parameter” in the OAuth configuration.
Okta requires the ‘state’ parameter.
I’m using ‘Authorization + PKCE’.
This is the request URL sent from the Developer Portal:
https://<Oktaserver>.okta.com/oauth2/aus3d28cn6UPLknbA417/v1/authorize?response_type=code&client_id=<ClientId>&code_challenge_method=S256&code_challenge=owcExgqifVaRmsv6TUngu9LFuw7qN4FOTu9VHScKIA4&redirect_uri=https%3A%2F%2F<APIname>-azapiman.developer.azure-api.net%2Fsignin-oauth%2Fcode-pkce%2Fcallback%2Fokta&scope=openid+profile+email+offline_access
The ‘state’ parameter is not included.
Okta response payload:
error: invalid_request
error_description: The authentication request has an invalid 'state' parameter.
Is there still a bug in the Developer Portal backend?
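
For reference, an added example that is not part of the original post and is not the Developer Portal's code: a Node.js sketch of an authorization-code + PKCE request that always carries `state`, a check that lists which parameters a captured authorize URL lacks, and the callback-side `state` comparison. The function names, the `idp.example.com` and `portal.example.net` hosts, and the sample URL are constructed assumptions.

```javascript
const nodeCrypto = require("crypto");

// base64url without padding, used for the PKCE values and the opaque state token
const b64url = (buf) =>
  buf.toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");

// Build an authorization-code + PKCE request that always includes 'state'.
function buildAuthorizeRequest(authorizeEndpoint, clientId, redirectUri, scope) {
  const state = b64url(nodeCrypto.randomBytes(16));        // anti-CSRF token, stored by the client
  const codeVerifier = b64url(nodeCrypto.randomBytes(32)); // 43 characters, stored by the client
  const codeChallenge = b64url(nodeCrypto.createHash("sha256").update(codeVerifier).digest());
  const url = new URL(authorizeEndpoint);
  url.search = new URLSearchParams({
    response_type: "code", client_id: clientId, redirect_uri: redirectUri, scope,
    state, code_challenge_method: "S256", code_challenge: codeChallenge,
  }).toString();
  return { url: url.toString(), state, codeVerifier };
}

// List the parameters a captured authorize URL is missing.
// The set below is what this example treats as required for code + PKCE.
function auditAuthorizeUrl(rawUrl) {
  const params = new URL(rawUrl).searchParams;
  const required = ["response_type", "client_id", "redirect_uri",
                    "state", "code_challenge", "code_challenge_method"];
  return required.filter((name) => !params.get(name));
}

// Accept a callback only when its 'state' equals the value that was sent.
function verifyCallbackState(callbackUrl, expectedState) {
  const got = Buffer.from(new URL(callbackUrl).searchParams.get("state") || "");
  const want = Buffer.from(expectedState);
  return got.length === want.length && nodeCrypto.timingSafeEqual(got, want);
}

// Constructed sample shaped like the request in the post (placeholder host, ids and challenge).
const SAMPLE_WITHOUT_STATE =
  "https://idp.example.com/oauth2/default/v1/authorize?response_type=code" +
  "&client_id=CLIENT_ID&code_challenge_method=S256&code_challenge=CONSTRUCTED_CHALLENGE" +
  "&redirect_uri=https%3A%2F%2Fportal.example.net%2Fsignin-oauth%2Fcode-pkce%2Fcallback%2Fokta" +
  "&scope=openid+profile+email+offline_access";

console.log("missing:", auditAuthorizeUrl(SAMPLE_WITHOUT_STATE));
```
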