Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Request-URI Too Long to /authorize endpoint (Okta as IdP)

See original GitHub issue

Hello again!

still trying to setup Oauth based PoC with Okta IdP, envoy.filters.http.ext_authz and eas.

Faced following problem with Okta, which is self explanatory:

Request-URI Too Long
The requested URL's length exceeds the capacity limit for this server.

Example request:

https://zztop.oktapreview.com/oauth2/aus1nDrtgu349y9mX0x7/v1/authorize?client_id=0oa1nt2v8y7E.....

The request to /authorize endpoint is 8000+ characters. Okta documentation is confusing and there are different limits for requests. Already raised ticket to Okta support to find out limit for request to /authorize endpoint in oauth flow case.

Still curious. Is it possible to deal such things in alternative way? Like smaller pointers, so the actual request to Okta /authorize endpoint is compact, etc.

Can this help? https://github.com/travisghansen/external-auth-server/blob/e4646e151ca9062e0ace68b748fcd8d7c9c7471c/CONFIG_TOKENS.md

Thank you!

Issue Analytics

  • State:closed
  • Created 2 years ago
  • Comments:25 (13 by maintainers)

github_iconTop GitHub Comments

1reaction
travisghansencommented, Jul 17, 2021

Sounds good! I’m going to work on supporting ssl directly as L7 proxy in front of eas can result in some weird/unintentional behaviors for sure.

0reactions
nonefakencommented, Jul 17, 2021

ok it is because of extensions.filters.http.ext_authz.v3.ExtAuthz. I just force added “X-Forwarded-Proto” header in it instead of “routes:”.

Im sorry i will continue to bug you, as my next step is to figure out how to plug “envoy.filters.http.jwt_authn” and “envoy.filters.http.rbac” to the whole concept, so it is possible to implement RBAC based on group claims in JWT tokens.

Thank you very much for help. Again, very interesting project!

Read more comments on GitHub >

github_iconTop Results From Across the Web

Receiving a 414 Request-URI Too Long calling signOut in the ...
I've setup OIDC SSO for a SPA application using the okta-auth-js and okta-vue npm libraries and I'm having some issues.
Read more >
Error "Request-URI Too long" Publishing ... - Knowledge Base
Cause. The Okta IdP is using a session redirect link to retrieve the session cookie, and the URL is too long for the...
Read more >
12. OAuth2 - Spring
Token Endpoint : Used by the client to exchange an authorization grant for an access token, typically with client authentication. As well as...
Read more >
Okta API Products release notes 2021
IdP discovery supported for Device Authorization Grant flow, December 8, ... The Upload Logo for Org endpoint ( /org/logo ) is deprecated.
Read more >
Application response codes, login events, and errors
See Proxy Buffer Size in Miscellaneous section of Advanced tab for the application. 414. HTTP response: 414 Request - URI Too Large. Description:...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

troubleshooting X-Access-Token not send to backend service (Okta, oauth2 flow, envoy, eas)

Next page

"bad decrypt" on client connect (envoy/ext_authz <-> eas)