external-auth-server: Request-URI Too Long to /authorize endpoint (Okta as IdP)

Hello again!

Still trying to set up an OAuth-based PoC with Okta IdP, envoy.filters.http.ext_authz and eas.

I faced the following problem with Okta, which is self-explanatory:

Request-URI Too Long
The requested URL's length exceeds the capacity limit for this server.

Example request:

https://zztop.oktapreview.com/oauth2/aus1nDrtgu349y9mX0x7/v1/authorize?client_id=0oa1nt2v8y7E.....

The request to the /authorize endpoint is 8000+ characters. Okta documentation is confusing and there are different limits for requests. I already raised a ticket with Okta support to find out the limit for requests to the /authorize endpoint in the OAuth flow case.

Still curious. Is it possible to deal with such things in an alternative way? Like smaller pointers, so the actual request to the Okta /authorize endpoint is compact, etc.

Can this help? https://github.com/travisghansen/external-auth-server/blob/e4646e151ca9062e0ace68b748fcd8d7c9c7471c/CONFIG_TOKENS.md

Thank you!

About this issue

  • State: closed
  • Created 3 years ago
  • Comments: 25 (13 by maintainers)

Most upvoted comments

Sounds good! I’m going to work on supporting SSL directly, as an L7 proxy in front of eas can result in some weird/unintentional behaviors for sure.