Trying to get OIDC to work and failing

I have set up the OIDC settings in appsettings.json to talk to Okta (the parts have the real values in obvs.).

	"OIDC": {
		"Enabled": "true",
		"CallbackPath": "/auth/signin-oidc",
		"ClientID": "<ClientID>",
		"ClientSecret": "<ClientSecret>",
		"Resource": "",
		"Authority": "https://<Domain>",
		"ResponseType": "code",
		"SaveTokens": "false"

But It doesn’t seem to work.

I noticed in the logs the following. ( represents our real FQDN) which looks like CORS might not be properly configured in PU itself?

2020-08-26T09:34:13.3748411+00:00 0HM29KCOP17K2:00000001 [INF] Request starting HTTP/1.1 GET   (ca22a1cb)
2020-08-26T09:34:13.9225738+00:00 0HM29KCOP17K2:00000001 [INF] /login (68a5683a)
2020-08-26T09:34:13.9653921+00:00 0HM29KCOP17K2:00000001 [INF] Request finished in 595.7193ms 200 text/html (791a596a)
2020-08-26T09:34:14.0884360+00:00 0HM29KCOP17K2:00000002 [INF] Request starting HTTP/1.1 GET   (ca22a1cb)
2020-08-26T09:34:14.2456307+00:00 0HM29KCOP17K2:00000002 [INF] /login/favicon.ico (d0ff7f98)
2020-08-26T09:34:14.2458367+00:00 0HM29KCOP17K2:00000002 [INF] C:\Program Files (x86)\Universal\Login\favicon.ico (762f299d)
2020-08-26T09:34:14.2459993+00:00 0HM29KCOP17K2:00000002 [INF] image/x-icon (44e8ed0d)
2020-08-26T09:34:14.2583430+00:00 0HM29KCOP17K2:00000002 [INF] Executing "Microsoft.AspNetCore.Mvc.PhysicalFileResult", sending file '"C:\Program Files (x86)\Universal\Login\favicon.ico"' with download name '""' ... (5a6f99a2)
2020-08-26T09:34:14.2953935+00:00 0HM29KCOP17K2:00000002 [INF] Request finished in 206.9824ms 200 image/x-icon (791a596a)
2020-08-26T09:34:57.0190466+00:00 0HM29KCOP17K2:00000003 [INF] Request starting HTTP/1.1 POST application/json 88 (ca22a1cb)
2020-08-26T09:34:57.0281939+00:00 0HM29KCOP17K2:00000003 [INF] CORS policy execution failed. (09b6f179)
2020-08-26T09:34:57.0283350+00:00 0HM29KCOP17K2:00000003 [INF] Request origin "" does not have permission to access the resource. (a03d560b)
2020-08-26T09:34:57.4532332+00:00 0HM29KCOP17K2:00000003 [INF] Executing endpoint '"UniversalDashboard.Controllers.AuthenticationController.SignIn (Universal.Server)"' (500cc934)
2020-08-26T09:34:57.4921170+00:00 0HM29KCOP17K2:00000003 [INF] Route matched with "{action = \"SignIn\", controller = \"Authentication\"}". Executing controller action with signature "System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.IActionResult] SignIn(UniversalDashboard.Controllers.Credential)" on controller "UniversalDashboard.Controllers.AuthenticationController" ("Universal.Server"). (122b2fdf)
2020-08-26T09:34:58.1387459+00:00 0HM29KCOP17K2:00000003 [INF] Executing JsonResult, writing value of type '"<>f__AnonymousType0`1[[System.String, System.Private.CoreLib, Version=, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]]"'. (2f513669)
2020-08-26T09:34:58.1537428+00:00 0HM29KCOP17K2:00000003 [INF] Executed action "UniversalDashboard.Controllers.AuthenticationController.SignIn (Universal.Server)" in 653.8807ms (afa2e885)
2020-08-26T09:34:58.1539533+00:00 0HM29KCOP17K2:00000003 [INF] Executed endpoint '"UniversalDashboard.Controllers.AuthenticationController.SignIn (Universal.Server)"' (99874f2b)
2020-08-26T09:34:58.1542800+00:00 0HM29KCOP17K2:00000003 [INF] Request finished in 1135.4041ms 200 application/json; charset=utf-8 (791a596a)
2020-08-26T09:35:01.4591835+00:00  [INF] Starting groom job. (bad5cbbf)

I’m having the same issue with OIDC in Powershell Universal.
The only account that I can get to work with OIDC is our Azure AD Global Admin. For some reason, that account is working perfectly fine.

For all other accounts in Azure AD, we are getting the above error with:

    2020-09-22T06:18:35.0741892-07:00 0HM2UV7PDIH43:00000002 [INF] Request starting HTTP/1.1 POST application/x-www-form-urlencoded 1417 (ca22a1cb)
    2020-09-22T06:18:35.0790540-07:00 0HM2UV7PDIH43:00000002 [INF] CORS policy execution failed. (09b6f179)
    2020-09-22T06:18:35.0792009-07:00 0HM2UV7PDIH43:00000002 [INF] Request origin "" does not have permission to access the resource. (a03d560b)

Did you have any luck finding a solution?

This may be a bug in how we configure CORS in PowerShell Universal. We’re adding a setting in 1.4 for you to allow specific origins to make cross domain calls so you’d be able to add to the allow list. Not sure why the admin one works though…

Fixed in PU 1.5.11