400 Bad Request for using Okta Hosted Login with Sample MVC app


I am new to Okta-OIDC and learning the Authorization Code flow (with/without PKCE). I wanted to see the default Okta hosted login page from the sample source application provided by Okta in the github.

First, I have created a okta application in my developer account. Then, I pulled the sample ASP.NET application and changed client id,. secret, domain values in web.config and set the Login redirect URI and Initiate Login Uri as http://localhost:8080/authorization-code/callback.

Now when I run the app and click Login option, I get 400 Bad request. When I check the page details - it says Javascript is disabled… please enable and refresh. I checked the setting of Chrome and IE and I see both browser has javascript already enabled.

I also tried running following request from the IE/Chrome browser and it returns same error

Request to Authorization Code flow (expecting the Code and State returning to my call back function)

{okta developer domain url}/oauth2/default/v1/authorize?client_id={clientId}&response_type=code&scope=openid&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fauthorization-code%2Fcallback&state={someDummyStateValue}&code_challenge_method=S256&code_challenge={codeChallenge}

I am not sure about the value of redirect_url… I have also tried to set the end point in the sample application as (redirect_uri=http://localhost:8080/home/MyCallBack and the code as follows)

public class HomeController : Controller {
public ActionResult MyCallBack (string code, string state) {


So, due to the 400 error, I have yet to see the Okta hosted login page.

Please check and let me know.

Chandresh Sanghavi

Hi @csanghavi

Can you please check if the URL “http://localhost:8080/authorization-code/callback” is added in Okta under Admin >> Applications >> your OIDC application >> General tab >> Login Redirect URIs section?


Thanks for looking into this.

I pulled code again from the github and rebuilt and it worked fine !! I believe I did set the callback endpoint as you mentioned in my app as well as in the code…