401 error on login using the sample link

Hi, our company is trying to use Okta. We are still in the POC period. I used the link to create an app using Visual Studio Code. The link is https://developer.okta.com/code/angular/okta_angular_sign-in_widget/. I added localhost:4200 to the trusted sites with CORS. Now I got a 401 error. I’m using the company Okta domain. The config is:
const config = {
  issuer: 'https://{company name}.okta.com/oauth2/default',
  redirectUri: 'http://localhost:4200/implicit/callback',
  clientId: '{client id}',
  pkce: true
};

For the Okta application, I use OpenID Connect.

Anything I missed in the setup?

Thanks
Judy

Judy,

Do you know if your Okta instance has the API Access Management feature enabled? You are likely encountering this issue because the sample is using a custom authorization server that is included with this feature (/default). You can confirm this is the case by trying to navigate to the discovery endpoint for this authorization server to see if it is available to you to use (just swap company name out for your Okta subdomain): https://{company name}.okta.com/oauth2/default/.well-known/openid-configuration

If you don’t have this feature, you can update your issuer to simply be your Okta domain, à la https://{company name}.okta.com, to avoid using a custom Authorization Server and use the built-in one for SSO.
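The discovery check described in the reply above can also be scripted and compared against the client config. This is an added example, not part of the original thread or of Okta's sample; `discoveryUrl`, `checkConfig`, `fetchDiscovery`, the `example.okta.com` domain and the sample document are constructed for illustration.

```javascript
// Added example: validate a sign-in config against an OIDC discovery document.
// discoveryUrl/checkConfig/fetchDiscovery are hypothetical helpers, not Okta SDK APIs.

// Build the discovery URL for an issuer (org or custom authorization server).
function discoveryUrl(issuer) {
  return issuer.replace(/\/+$/, '') + '/.well-known/openid-configuration';
}

// Return a list of mismatches between the client config and the discovery doc.
function checkConfig(config, doc) {
  const problems = [];
  const norm = (u) => String(u).replace(/\/+$/, '');
  if (norm(doc.issuer) !== norm(config.issuer)) {
    problems.push(`issuer mismatch: config=${config.issuer} server=${doc.issuer}`);
  }
  if (config.pkce) {
    if (!(doc.grant_types_supported || []).includes('authorization_code')) {
      problems.push('pkce needs the authorization_code grant');
    }
    if (!(doc.code_challenge_methods_supported || []).includes('S256')) {
      problems.push('server does not advertise S256 code challenges');
    }
  }
  for (const s of (config.scope || 'openid').split(/\s+/)) {
    if (!(doc.scopes_supported || []).includes(s)) problems.push(`unsupported scope: ${s}`);
  }
  return problems;
}

// Fetch the live document (Node 18+ or a browser); a non-200 status means the
// authorization server is not available at that issuer.
async function fetchDiscovery(issuer) {
  const res = await fetch(discoveryUrl(issuer));
  if (!res.ok) throw new Error(`discovery returned HTTP ${res.status}`);
  return res.json();
}

// Constructed sample document for a placeholder domain (not real output).
const sampleDoc = {
  issuer: 'https://example.okta.com/oauth2/default',
  grant_types_supported: ['authorization_code', 'implicit', 'refresh_token'],
  code_challenge_methods_supported: ['S256'],
  scopes_supported: ['openid', 'profile', 'email'],
};
const sampleConfig = {
  issuer: 'https://example.okta.com/oauth2/default',
  redirectUri: 'http://localhost:4200/implicit/callback',
  pkce: true, scope: 'openid',
};
```

An empty array from `checkConfig` means the config and the authorization server's metadata agree; any entry names the setting to fix before debugging the 401 further.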

Yes, we have the API Access Management feature. And I’ve checked and found default is there. Now I replaced it and got a different error:

The endpoint does not support the provided HTTP method","errorLink":"E0000022","errorId

Any thoughts?

Thanks

Judy

Hi @Judy.Wang

The URL provided by @andreaskouras refers to accessing the URL directly in your browser (e.g. https://yourcompany.okta.com/oauth2/default/.well-known/openid-configuration).

Following the 401 error, can you please check how you are exchanging the authorization code for JWTs and if you are sending the client id (and client secret if available) on the /token endpoint? You can find an example in plain JS here to achieve this use-case.

My flow is

  1. browse to the app page
  2. it will pop up the Okta login page
  3. after login, it will redirect back to the app page

Now I updated the AllowGrantTypes to make Implicit (hybrid) “Allow Id token…” checked.
And I also use Token preview to make sure my account works. Grant type is Authorization code. Scope is openid. But when I use my code, I still got a 401 error:

issuer: 'https://(company name).okta.com/oauth2/default',
redirectUri: 'http://localhost:4200/implicit/callback',
clientId: '(client id)',
scope: 'openid',
pkce: true

Thank you

Judy

Hi @Judy.Wang

Can you please open a support ticket with us at developers@okta.com in order to have this further investigated?