400 Bad Request on Authorization Endpoint Using Okta Trial Accounts

Hi all,

I’m working on an OAuth 2.0 integration using two Okta trial accounts. Here’s the setup:

  1. My App’s Account (Trial Account 1): This is where I’ve registered my app and have a Client ID and Client Secret. I’ve successfully tested the flow within this account and was able to get an authorization code, exchange it for a token, and use it to list all users in this account.
  2. Customer’s Account (Trial Account 2): This is a separate Okta trial account, representing a customer, where I’m now trying to request an authorization code using the same app.

However, I’m encountering a 400 Bad Request error when trying to hit the authorization endpoint on the customer’s account.

My Setup:

  • Client ID: From my app in Trial Account 1.
  • Redirect URI: https://postman-echo.com/get, which I’ve added to the allowed redirect URIs in my app configuration in Trial Account 1.
  • Scopes: openid offline_access
  • Authorization Server: I’m using the default authorization server in the customer’s Okta account (Trial Account 2).

Authorization URL:

https://{customer-okta-domain}/oauth2/v1/authorize?client_id=MY_CLIENT_ID&redirect_uri=https://postman-echo.com/get&response_type=code&scope=openid offline_access&state=random_state_value

What I’ve Checked:

  1. Redirect URI Configuration:
  • I confirmed that https://postman-echo.com/get is in the list of allowed redirect URIs in my app configuration in Trial Account 1.
  • This configuration works when I test it within the same account (Trial Account 1), where I’m able to complete the flow and list all users.
  2. Scopes: I’m only requesting openid and offline_access, which should be standard and supported.
  3. URL Formatting: I’ve checked the URL for spaces, encoding issues, and typos.

Error Details:

The response is a 400 Bad Request. Unfortunately, I’m not seeing a detailed error message explaining what’s wrong.

My Questions:

  1. Is there any additional configuration required in the customer’s Okta account (Trial Account 2) to allow this flow to work? For example:
  • Do scopes need to be explicitly configured in the customer’s account?
  • Are there policies that might block this request?
  2. Are there logs in the customer’s Okta admin console that could help debug this issue?
  3. Given that the flow works within the same account (Trial Account 1), are there any cross-tenant limitations with trial accounts that might cause this flow to fail?

Any insights or suggestions would be greatly appreciated. Thanks in advance for your help!
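Added example, not code from the original post: a small Python script that builds the authorization-code request described above with the scope list percent-encoded (the raw space in the posted URL is the first thing to rule out), a cryptographically random state, and a PKCE S256 challenge, and then checks the state on the callback before trusting the returned code. The Okta domain, client ID and redirect URI in it are placeholders. One caveat worth checking against the post: in Okta, /oauth2/v1/authorize is the org authorization server, while a custom authorization server such as "default" is addressed as /oauth2/default/v1/authorize; the helper below produces either form.

```python
"""Build and check an OAuth 2.0 authorization-code request with PKCE.

Added example, not code from the original post. The domain, client ID and
redirect URI below are placeholders (assumptions); nothing here touches the
network, so it can be run offline to inspect the exact URL being sent.
"""
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, quote, urlencode, urlsplit

# Placeholders standing in for the poster's values (constructed, not real).
OKTA_DOMAIN = "https://example.okta.com"
CLIENT_ID = "0oaEXAMPLECLIENTID"
REDIRECT_URI = "https://postman-echo.com/get"
SCOPES = ["openid", "offline_access"]


def authorize_endpoint(domain: str, auth_server: str = "") -> str:
    """Org authorization server:     https://<domain>/oauth2/v1/authorize
    Custom authorization server:    https://<domain>/oauth2/<id>/v1/authorize
    (e.g. auth_server='default')."""
    base = domain.rstrip("/") + "/oauth2"
    if auth_server:
        base += "/" + auth_server
    return base + "/v1/authorize"


def new_state() -> str:
    """Unguessable per-request value that ties the callback to this request."""
    return secrets.token_urlsafe(32)


def new_code_verifier() -> str:
    """RFC 7636 verifier: 43..128 unreserved chars; token_urlsafe(64) gives 86."""
    return secrets.token_urlsafe(64)


def pkce_challenge(code_verifier: str) -> str:
    """S256 challenge: BASE64URL(SHA256(verifier)) without '=' padding."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_authorize_url(endpoint: str, client_id: str, redirect_uri: str,
                        scopes: list, state: str, code_verifier: str) -> str:
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": " ".join(scopes),  # space-delimited per RFC 6749, encoded below
        "state": state,
        "code_challenge": pkce_challenge(code_verifier),
        "code_challenge_method": "S256",
    }
    # quote_via=quote encodes the space in the scope list as %20 (not '+'),
    # so no raw space ever reaches the wire.
    return endpoint + "?" + urlencode(params, quote_via=quote)


def query_params(url: str) -> dict:
    """Single-valued, decoded view of a URL's query string."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Validate the redirect back from the authorization server; return the code."""
    query = query_params(callback_url)
    state = query.get("state", "")
    # Constant-time compare; a mismatch means CSRF or a stale/foreign login.
    if not secrets.compare_digest(state, expected_state):
        raise ValueError("state mismatch")
    if "error" in query:
        # Errors on a valid redirect_uri come back here rather than as a 400.
        raise RuntimeError(f"{query['error']}: {query.get('error_description', '')}")
    if "code" not in query:
        raise ValueError("callback carries neither code nor error")
    return query["code"]


if __name__ == "__main__":
    state = new_state()
    verifier = new_code_verifier()  # keep this for the token exchange
    print(build_authorize_url(authorize_endpoint(OKTA_DOMAIN, "default"),
                              CLIENT_ID, REDIRECT_URI, SCOPES, state, verifier))
```

Run it and paste the printed URL into a browser: if the request is well-formed but still rejected, the response (or the redirect back to postman-echo) carries the error and error_description to look up, rather than a bare 400.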