I followed the tutorial linked here (Okta Authentication Quickstart Guides | Okta Developer) and my front end is successfully signing in using the Sign-In Widget and the Auth Code Flow with PKCE, but I am getting a 401 Unauthorized error whenever I try to make requests to the .NET Framework 4.5.2 Web API which I secured by following the ‘Server Setup’ section in the same tutorial.
I’m running into the issue both when testing the routes locally using Postman and when I deploy the API and call the routes from within my web app. I have tested the tokens being generated by my front end with an API deployed using sample code from Okta, and they authenticate fine when testing with that API. I have tested whether this could be a CORS error, but this does not seem to be the case.
Are you using a Developer org or a production org with this tutorial? If you are using a production org, are you able to create and use custom authorization servers?
When logged into the admin console and you go to Security > API, do you see a tab for Authorization Servers? If so, you should be able to use and create custom servers.
It may be best for you to open a support case with developers@okta.com so someone can provide some further assistance.
The support agent on my Okta ticket actually was the one to suggest I open a dev forum post. Yes, I can create a custom authorization server, but have so far been using the default one.
@andrea
Why do we need to create a custom authorization server? Why can't we use the default server? And if we create one, what do we need to do to create one? This is complex and needs some good videos or documentation to explain… I wonder how Okta gained so much momentum with such complex implementations.
You can use the ‘Default’ server, but that is a ‘Custom authorization’ as far as Okta is concerned. You will not be able to locally validate access tokens minted by Okta, unless your application is using a custom server. Not all production tenants have the ability to use/create custom authorization servers.
When using default, this means that the ‘issuer’ for your application is https://{{oktaDomain}}/oauth2/default and all requests you make for tokens generated by that issuer will contain that as the base URL for your request. Aka, the authorize request goes to https://{{oktaDomain}}/oauth2/default/v1/authorize, a token call goes to https://{{oktaDomain}}/oauth2/default/v1/token, a userinfo call goes to https://{{oktaDomain}}/oauth2/default/v1/userinfo, etc.
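A quick way to check whether a token's issuer and audience line up with what the API was configured for, as an added diagnostic example that is not code from this thread or from Okta; the tenant domain, the audience value and the token contents are constructed placeholders, and the decoder deliberately does not verify signatures, so it only explains a mismatch and never stands in for the API's real validation:

```python
import base64
import json

# Constructed placeholder tenant and audience (assumed values, not from the thread).
OKTA_DOMAIN = "dev-123456.okta.com"
EXPECTED_AUDIENCE = "api://default"

def issuer_endpoints(okta_domain: str, server_id: str = "default") -> dict:
    """Derive the issuer and the endpoints that tokens from it are tied to."""
    issuer = f"https://{okta_domain}/oauth2/{server_id}"
    return {
        "issuer": issuer,
        "authorize": f"{issuer}/v1/authorize",
        "token": f"{issuer}/v1/token",
        "userinfo": f"{issuer}/v1/userinfo",
    }

def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def decode_claims(jwt: str) -> dict:
    """Read a JWT payload WITHOUT checking its signature: diagnostic only."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWS with three dot-separated parts")
    return json.loads(_b64url_decode(parts[1]))

def explain_mismatch(jwt: str, expected_issuer: str, expected_audience: str) -> list:
    """Issuer/audience reasons an API with these settings would answer 401 (empty = OK)."""
    claims = decode_claims(jwt)
    problems = []
    if claims.get("iss") != expected_issuer:
        problems.append(f"iss mismatch: token {claims.get('iss')!r}, API {expected_issuer!r}")
    aud = claims.get("aud")
    auds = aud if isinstance(aud, list) else [aud]
    if expected_audience not in auds:
        problems.append(f"aud mismatch: token {auds!r}, API {expected_audience!r}")
    return problems

def constructed_token(claims: dict) -> str:
    """Build a fixture token; the signature segment is a dummy string."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'kid': 'constructed'})}.{enc(claims)}.ZHVtbXk"

# Token whose iss is the org root rather than /oauth2/default: rejected by an API
# configured for the default custom server, one common source of the 401.
ORG_TOKEN = constructed_token({"iss": f"https://{OKTA_DOMAIN}", "aud": EXPECTED_AUDIENCE})
# Token minted by the default custom server: iss matches the API's configured issuer.
GOOD_TOKEN = constructed_token({"iss": issuer_endpoints(OKTA_DOMAIN)["issuer"], "aud": EXPECTED_AUDIENCE})
```

Run `explain_mismatch(ORG_TOKEN, issuer_endpoints(OKTA_DOMAIN)["issuer"], EXPECTED_AUDIENCE)` against a real token (pasted in place of the fixture) to see which claim the API's configuration disagrees with before digging into the server-side validation settings.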