I’ve just set up a brand-new Okta tenant, and am trying to set it up as an Identity Provider in Ignition using OIDC.
I went through all the steps in the OIDC example in the manual. The base case works fine, and I can log in/log out properly. However, as soon as I add any scope values to the IdP config, the login test fails.
I’m trying this with a single scope named “email”.
Looking in Ignition’s logs, I see an “Unable to handle login response” error from the gateway.WebAuthSessionImpl component.
Looking in Okta’s logs, I see a matching report about “OIDC authorization request FAILURE : illegal_custom_scope”.
I followed the steps in the manual which covered the Ignition side thoroughly, so I’m guessing this must be something on the Okta side, but I’m having no luck finding any hints searching Okta configuration and documentation yet. I’m hoping this is something really simple that someone in this forum could help me with.