400 bad request for /authorize endpoint

Hello,
I am receiving a “400 bad request” when being redirected to the /authorize endpoint. I made sure that I am passing the right client id and client secret and the application is in active status.
This is the request uri:
https://dev-MY_ACCOUNT_ID.okta.com/oauth2/default/v1/authorize?client_id=MY_CLIENT_ID&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fauthorization-code%2Fcallback&scope=openid+email+profile&state=ApplicationState&nonce=SampleNonce&response_type=code&response_mode=query
Please advise

Hi Mia,

It is a bit difficult to analyse your error without the relevant tenant/app and error details. Does the error message itself provide more relevant information, as shown in this Knowledge Base article: 400 error on authentication to Okta using OIDC

If so, then the root cause of the issue is that your tenant does not have the paid add-on SKU API Access Management, and instead of using https://dev-MY_ACCOUNT_ID.okta.com/oauth2/default/v1/authorize you should use https://dev-MY_ACCOUNT_ID.okta.com/oauth2/v1/authorize as your /authorize request.

If that is not the cause of your issue then please have a look at this KB article: 400 Bad Request when redirecting to the /authorize endpoint with no error description:

Cause
The authorize request is invalid, which is caused by a misconfiguration somewhere, either in your authorize URL or within the application settings in Okta. When there is no error description shown on the error page, like one would see if the redirect_uri provided is unrecognized, the usual issue is with the client_id.

Resolution
Potential causes and things you should check:

OIDC application may be set to INACTIVE in Okta

  • Make sure the application you are testing with is set to ACTIVE

client_id provided is not valid

  • Make sure the client_id you are using is associated with the Okta org (subdomain) to which you are making the request

  • Make sure the client_id EXACTLY matches the one shown in the Admin Console, as client_ids are case sensitive in OAuth

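As an added example (not from the original thread or from Okta), the following Python builds an /authorize request for either of the two URL forms mentioned in the reply and runs a local pre-flight over the same checks the KB article lists: authorization-server path versus API Access Management, exact case-sensitive client_id lookup, ACTIVE status, and exact redirect_uri match. The registered-app record, client_id value and the `api_access_management` flag are constructed assumptions standing in for what the Admin Console shows; the validator is a local model of the checks described above, not Okta's own logic. It also generates a fresh random state and nonce per request instead of the fixed placeholders in the question's URL, which is what a production client should do.

```python
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed stand-in for an OIDC app registration as shown in the Okta
# Admin Console (hypothetical client_id and settings, not a real tenant).
REGISTERED_APPS = {
    "0oaEXAMPLECLIENTID": {
        "status": "ACTIVE",
        # redirect_uri must match one of these exactly (scheme, host, port, path).
        "redirect_uris": {"http://localhost:8080/authorization-code/callback"},
    }
}

ORG_BASE = "https://dev-MY_ACCOUNT_ID.okta.com"
ORG_AS_PATH = "/oauth2/v1/authorize"  # org authorization server, every tenant


def authorize_url(base, client_id, redirect_uri, scopes, custom_as=None):
    """Build an authorization-code /authorize request.

    custom_as=None      -> org authorization server (/oauth2/v1/authorize).
    custom_as="default" -> custom AS (/oauth2/default/v1/authorize), which
                           needs the API Access Management add-on.
    state and nonce are fresh random values; store them in the session and
    compare them when the callback arrives.
    """
    path = f"/oauth2/{custom_as}/v1/authorize" if custom_as else ORG_AS_PATH
    state = secrets.token_urlsafe(16)
    nonce = secrets.token_urlsafe(16)
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),  # urlencode emits openid+email+profile
        "state": state,
        "nonce": nonce,
        "response_type": "code",
        "response_mode": "query",
    }
    return base + path + "?" + urlencode(params), state, nonce


def preflight(url, apps=REGISTERED_APPS, api_access_management=False):
    """Local model of the misconfigurations behind a 400 on /authorize.

    Returns (ok, reason). Assumption: apps mirrors the Admin Console records.
    """
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}

    # Custom AS path (/oauth2/<name>/v1/authorize) without the add-on SKU.
    if parts.path != ORG_AS_PATH and not api_access_management:
        return False, ("custom authorization server path used without "
                       "API Access Management; use " + ORG_AS_PATH)

    # Exact, case-sensitive lookup: 0oaABC and 0oaabc are different clients.
    app = apps.get(q.get("client_id", ""))
    if app is None:
        return False, "client_id not found in this org (400 with no error_description)"
    if app["status"] != "ACTIVE":
        return False, "application is INACTIVE"

    # Okta compares redirect_uri exactly; a trailing slash or http/https
    # mismatch is a different URI.
    if q.get("redirect_uri") not in app["redirect_uris"]:
        return False, "redirect_uri does not exactly match a registered URI"

    if not q.get("state"):
        return False, "state missing; send a fresh random value per request"
    return True, "ok"


if __name__ == "__main__":
    url, state, nonce = authorize_url(
        ORG_BASE, "0oaEXAMPLECLIENTID",
        "http://localhost:8080/authorization-code/callback",
        ["openid", "email", "profile"])
    print(url)
    print(preflight(url))
```

Run `preflight` against the URL you actually redirect to (after URL-decoding, it must carry the same client_id and redirect_uri the Admin Console shows); the reason string tells you which of the KB checklist items fails before you send a single request to the tenant.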