401 Unathorized for token on implicit/callback Redirect

I am setting Okta auth for a client using React and Node.js and I am getting the following. After providing credentials in okta login screen on our dev environment, the user is redirected to implicit/callback url and token HTTPS request gets the following error:

  • error: “invalid_client”
  • error_description: “Client authentication failed. Either the client or the client credentials are invalid.”

The login flow works well in local environment and I am able to access everything but when we deploy to our dev we get error above even though our clientId and oktaDomain credentails

On top of this, if I get this error, I don’t see any way to redirect the user to a different screen from the implicit/callback which is not ideal. All we are getting is the page below.


Below is the code we are using. API Access Management feature is enabled.

Can someone assist?

const config = {
  issuer: `https://${process.env.REACT_APP_OKTA_DOMAIN}/oauth2/default`,
  redirectUri: window.location.origin + '/implicit/callback',
  clientId: process.env.REACT_APP_CLIENT_ID,
  // pkce => false in local and dev because it requires HTTPS. it's true for testing and prod.
  pkce: process.env.NODE_ENV !== 'development',
}

export const routes = (
  <ConnectedRouter history={history}>
    <Switch>
      <Security {...config}>
        <Route
          exact
          path={CmsRoutes.Home}
          component={oktaAuth(withOkta(Dashboard))} />
        <Route path="/implicit/callback" component={ImplicitCallback} />
         // ...
      </Security>
    </Switch>
  </ConnectedRouter>
)

Hi @andriy

Can you please grab a HAR file as described here with the requests from the beginning up until reaching the /token endpoint and open a support ticket with us through an email to developers@okta.com?

I am getting this same error with the following steps to reproduce:

Login to my app, okta redirects correctly to sign in.
The next day, visit application again, the error above shows.
If I then manually remove the implicit/callback route from the browser url and hit enter login flow works correctly.

Did you fix the error in your application?