Problem Implementing OIDC with OKTA

Hello, I have fewer than 100 agents, so I assume I qualify for enterprise features. I am attempting to set up the Sensu dashboard with the OKTA OIDC authentication method. After setting up Sensu for OKTA auth, I got this error.

```
{"message":"oauth2: cannot fetch token: 400 Bad Request\nResponse: {"error":"invalid_grant","error_description":"The authorization code is invalid or has expired."}","code":0}
```

  1. Tell us about your setup, this should include OS, version of Sensu, version of Sensu components (redis, rabbitmq), plugin versions (if applicable), anything special about your setup such as an airgapped network or strict ACLs.

Sensu version used (sensuctl, sensu-backend, and/or sensu-agent): sensu-backend/sensu web
sensu/web revision: 5.16.1
web revision 499558f
Installation method: rpm packages
Operating System and version: redhat 7.7
web is running on port 3000
API is running on port 8080

To set up the OIDC config I used this YAML file.

```yaml
type: oidc
api_version: authentication/v2
metadata:
  name: okta
spec:
  additional_scopes:
  - groups
  client_id: client_id
  client_secret: client_secret
  redirect_uri: https://mysensu.example:8080/api/enterprise/authentication/v2/oidc/callback
  server: https://myokta.okta.com
  groups_claim: groups
  groups_prefix: 'okta'
  username_claim: email
  username_prefix: 'okta'
```

In OKTA I have this URI set for the redirect URI: https://mysensu.example.local:8080/api/enterprise/authentication/v2/oidc/callback

Screenshot of applicable logs from OKTA:

  1. Is there a Github issue related to your issue? Yes
    https://github.com/sensu/web/issues/232
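Added example, not part of the original post and not Sensu or Okta code: RFC 6749 requires the `redirect_uri` in the token request to be identical to the one used in the authorization request, so a routine check when debugging an OIDC callback is to compare the client's configured URI against the value registered at the identity provider. This Python sketch does that comparison component by component for the two URIs quoted in the post; the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Values copied from the post: the Sensu OIDC spec and the Okta app setting.
SENSU_REDIRECT_URI = (
    "https://mysensu.example:8080/api/enterprise/authentication/v2/oidc/callback"
)
OKTA_REDIRECT_URIS = [
    "https://mysensu.example.local:8080/api/enterprise/authentication/v2/oidc/callback"
]

DEFAULT_PORTS = {"https": 443, "http": 80}


def components(uri):
    """Split a redirect URI into the parts a match depends on."""
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    return {
        "scheme": scheme,
        "host": (parts.hostname or "").lower(),
        "port": parts.port or DEFAULT_PORTS.get(scheme),
        "path": parts.path,
        "query": parts.query,
    }


def diff_redirect_uri(configured, registered):
    """Return {component: (configured_value, registered_value)} for mismatches."""
    a, b = components(configured), components(registered)
    return {key: (a[key], b[key]) for key in a if a[key] != b[key]}


def check(configured, registered_list):
    """Return (ok, report); ok is True only on an exact string match.

    An empty diff for a registered URI means the strings differ only in
    letter case or an explicit default port, which still fails an exact match.
    """
    if configured in registered_list:
        return True, {}
    return False, {r: diff_redirect_uri(configured, r) for r in registered_list}


if __name__ == "__main__":
    ok, report = check(SENSU_REDIRECT_URI, OKTA_REDIRECT_URIS)
    print("match" if ok else "mismatch", report)
```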