The redirect URI appears to be whitelisted for the client, so I’m not totally sure what’s causing this error message. I haven’t seen mention of this particular message anywhere in the forum or Okta documentation, and I’ve successfully implemented other PKCE clients using localhost before so I’m not sure what’s different in this case. Any ideas here? Thanks.
Can you please open a support ticket with us through an email to developers@okta.com in order to further check the back-end logs for further details regarding this error? Please mention in the email the client ID used.
@dragos@djfdev
I’m facing this same issue with my iOS (cordova based) app whereas it works fine with Android with the same redirect uri and client ID.
Anyone has a resolution for this error?
400 Bad Request
{
“error”: “invalid_request”,
“error_description”: “Browser requests to the token endpoint must be part of at least one whitelisted redirect_uri.”
}
Since this is Cordova app, Origin must be “file://”.
Can you please debug and confirm if your Request parameter, specifically Origin, is same in both (Android and iOS) or different?
Regarding Trusted Origin settings on Okta side, did you set anything?
Yes @Dijo , the Origin header was the issue and I got to know seeing the logs - “failure: illegal_origin_browser_request”.
iOS app was sending this header with value “file://” whereas Android didn’t. I had to use an advanced http library to remove the Origin header.
Thanks a lot for your time.