Adrian
I fixed the issue, for anyone going through the tutorial, there are some things you need to do to get it to work (after comparing end product of this tutorial with the finished product in the repo.)
1. The proper set-up for the app in the Okta console: Authorization Code checked, Implicit checked, both items under implicit checked. Screenshot in this tutorial is outdated, if Auth Code is not checked you will probably run into the Error 400 Whitelist URI error. Also, the redirect URI at login is http://localhost:4200/implicit/callback (if not already set as default). Initiate login URI is the exact same. Logout redirect is http://localhost:4200.
2. The schematic you are asked to use towards the end is out of date.
You should still run the command ng add @oktadev/schematics --issuer=https://{yourOktaDomain}/oauth2/default --clientId={yourClientId}
However, you need to make some changes to get the auto-generated code to match the repo code (which works, I tested in my troubleshooting).
So, check:
auth-routing-module.ts and delete the scopes attribute
Insert the client ID and issuer in the oktaConfig as necessary, and make sure the redirectUri has /implicit/callback
Make sure the path a few lines down is also implicit/callback
And finally, the fix to the 401 Error I get above:
auth.interceptor.ts
The auto-generated code for this file is wrong, and makes sense because the allowedOrigins and URL handling here matches with the Error 401 (cannot access endpoint on 8080, indicating a CORs issue)
So to fix this, just completely copy the auth.interceptor.ts code from the repo and paste it over the old code completely.
I ran the client and server right after this step and it immediately worked correctly, all login flows, all components work, etc.
Cheers