400 Bad Request: Salesforce external IdP

Hi everyone, I configured Salesforce as an external IdP for my Okta authentication, but after receiving the token and the state from Salesforce, the Okta callback shows a 400 Bad Request with this error: "Your request resulted in an error. The UserInfo response is invalid. Technical details: Identity Provider: OIDC, Error Code: access_denied"

But if I look at the URL, there is a token and a state, I suppose from Salesforce. Could anyone help with this? I could actually pay for a personal mentorship or something.

This is how the URL looks: https://{mycustomdomain.com}/oauth2/v1/authorize/callback?code={code, I guess from SF}%3D%3D&state={state token}

I think Okta is trying to invoke /userinfo on Salesforce and failing to do that. Is it a requirement to use OIDC for your integration? I believe SAML may work as an alternative.
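
If you want to see for yourself which of those steps Salesforce is failing on, the script below replays what the reply above suggests Okta does after the callback: parse `code` and `state` out of the callback URL (the `%3D%3D` is just URL-encoded `==`), redeem the code at the token endpoint, then call /userinfo with the access token and apply the checks an OIDC relying party must make (state bound to the request, JSON response, a `sub` claim, and that `sub` matching the ID token's `sub`, as OpenID Connect Core 5.3.2 requires). This is an added example, not code from the thread or from Okta or Salesforce. The HTTP layer is a pair of pluggable functions so it runs offline here against constructed responses; point them at `requests.post`/`requests.get` to run it against your org. The endpoint URLs, client id, redirect URI, the ID token and both sets of responses are assumptions or constructed fixtures.

```python
import base64
import json
from urllib.parse import parse_qs, urlparse

# Assumed Salesforce endpoints (not taken from the thread); use your My Domain host.
TOKEN_URL = "https://login.salesforce.com/services/oauth2/token"
USERINFO_URL = "https://login.salesforce.com/services/oauth2/userinfo"
CLIENT_ID = "hypothetical-connected-app-id"  # assumption
REDIRECT_URI = "https://mycustomdomain.example/oauth2/v1/authorize/callback"  # assumption


def parse_callback(url):
    """Return (code, state) from the callback URL; parse_qs turns %3D%3D into '=='."""
    q = parse_qs(urlparse(url).query, strict_parsing=True)
    return q["code"][0], q["state"][0]


def jwt_claims(token):
    """Decode the ID token payload WITHOUT verifying the signature.

    Okta verifies the signature against the IdP's JWKS before trusting claims;
    this diagnostic only needs 'sub' to compare against /userinfo."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose(callback_url, expected_state, http_post, http_get):
    """Replay the post-callback steps and return a list of problems found.

    http_post(url, form_dict) and http_get(url, headers) both return
    (status, headers, body_text). An empty list means every check passed."""
    problems = []
    try:
        code, state = parse_callback(callback_url)
    except (KeyError, ValueError):
        return ["callback URL is missing code or state"]
    if state != expected_state:
        # An unbound state means the code may come from an attacker-started flow.
        return ["state mismatch: refusing to redeem the code (CSRF/login-swap risk)"]

    status, _, body = http_post(TOKEN_URL, {
        "grant_type": "authorization_code", "code": code,
        "client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
    })
    try:
        tokens = json.loads(body)
    except ValueError:
        return [f"token endpoint returned non-JSON (HTTP {status})"]
    if status != 200 or "access_token" not in tokens or "id_token" not in tokens:
        return [f"token exchange failed: HTTP {status} {tokens.get('error', '')}".rstrip()]

    status, headers, body = http_get(
        USERINFO_URL, {"Authorization": f"Bearer {tokens['access_token']}"})
    ctype = {k.lower(): v for k, v in headers.items()}.get("content-type", "")
    if status != 200:
        problems.append(f"/userinfo rejected the access token: HTTP {status}")
    if "application/json" not in ctype:
        problems.append(f"/userinfo content-type is {ctype or 'missing'}, not JSON")
    try:
        info = json.loads(body)
    except ValueError:
        problems.append("/userinfo body is not JSON")
        return problems
    # OIDC Core 5.3.2: the UserInfo 'sub' MUST exactly match the ID token 'sub'.
    id_sub = jwt_claims(tokens["id_token"]).get("sub")
    if info.get("sub") is None:
        problems.append("/userinfo has no 'sub' claim")
    elif info["sub"] != id_sub:
        problems.append(f"/userinfo sub {info['sub']!r} != ID token sub {id_sub!r}")
    return problems


def _b64url(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed fixtures: a JWT-shaped ID token with a placeholder signature and a
# callback URL in the shape the question shows (code ends in %3D%3D, i.e. '==').
FAKE_ID_TOKEN = (_b64url({"alg": "RS256"}) + "."
                 + _b64url({"sub": "005xx000001Sv6AAAS", "iss": "https://login.salesforce.com"})
                 + ".sig")
CALLBACK = REDIRECT_URI + "?code=aPrxExampleCode%3D%3D&state=S3cureR4nd0m"


def healthy_post(url, data):
    # Constructed token response.
    return 200, {"Content-Type": "application/json"}, json.dumps(
        {"access_token": "at-123", "id_token": FAKE_ID_TOKEN, "token_type": "Bearer"})


def healthy_get(url, headers):
    # Constructed /userinfo that accepts exactly the token issued above.
    if headers.get("Authorization") != "Bearer at-123":
        return 401, {"Content-Type": "text/plain"}, "invalid token"
    return 200, {"Content-Type": "application/json"}, json.dumps(
        {"sub": "005xx000001Sv6AAAS", "email": "user@example.com"})


def broken_get(url, headers):
    # Constructed failure mode: /userinfo does not accept the access token at all.
    return 401, {"Content-Type": "text/plain"}, "Bad_OAuth_Token"


def run_demo():
    """Return (problems for the healthy IdP, problems for the broken IdP)."""
    return (diagnose(CALLBACK, "S3cureR4nd0m", healthy_post, healthy_get),
            diagnose(CALLBACK, "S3cureR4nd0m", healthy_post, broken_get))


if __name__ == "__main__":
    ok, bad = run_demo()
    print("healthy IdP:", ok or "no problems")
    print("broken IdP:", bad)
```

Run it as-is to see the two outcomes; then replace `healthy_post`/`healthy_get` with thin wrappers around a real HTTP client (adding your client secret to the token request) and feed in the actual callback URL from the browser. Whichever entry appears in the returned list is the step Okta is tripping over; the state check runs first on purpose, since a code that is not bound to your own request should never be redeemed.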

Thanks! And no, it's not a requirement, so I guess I'll try out the SAML protocol. Still, it is strange why Salesforce doesn't allow me to get the userinfo. Anyway, thank you!

When Postman was doing that, I resolved it by changing my auth and access token URLs from this:
…/oauth2/v1/authorize…
to this:
…/oauth2/default/v1/authorize…

Maybe see if you can sell SAP on using different URLs.