Confirm OKTA w/ External IdP Flow

Can someone please confirm if I am integrating an external IdP properly?

This URL redirects the user to the /authorize endpoint of the custom IdP, where an email address / password form is presented to the user…

https://dev-446511.okta.com/oauth2/v1/authorize?client_id=<client_id>&code_challenge=tablet_generated_code_challenge&code_challenge_method=S256&idp=&nonce=tablet_generated_nonce_value&redirect_uri=https%3A%2F%2Fidp.acmetrucking.com%2Foauth2%2Fv1%2Ftoken&response_type=code&scope=openid&state=tablet_generated_state_value

The user submits the form and, if the credentials are confirmed, is redirected to…

https://dev-446511.okta.com/oauth2/v1/authorize/callback?state=<generated_value>

Then the user is redirected to…

https://idp.acmetrucking.com/user/login/success

But I am receiving this error in the URL:

&error=invalid_social_token&error_description=Could+not+acquire+access+token+from+authorization+code.

Should I be submitting an id_token to https://dev-446511.okta.com/oauth2/v1/authorize/callback as part of the payload so OKTA can consume it?

I expect the user to be directed to https://idp.acmetrucking.com/user/login/success#code=<auth_code>

Not sure what to do here…
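As an added illustration (not code from this thread), here is how a client generates the PKCE values and the state carried by the authorize URL above, and then checks the state on the callback before trusting any code or error it returns; the client_id and redirect_uri used in the example are placeholders.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Authorize endpoint exactly as it appears in the post above.
OKTA_AUTHORIZE = "https://dev-446511.okta.com/oauth2/v1/authorize"


def make_code_verifier(nbytes: int = 32) -> str:
    """RFC 7636 code_verifier: 43-128 unreserved chars; 32 random bytes -> 43 chars."""
    return base64.urlsafe_b64encode(secrets.token_bytes(nbytes)).rstrip(b"=").decode("ascii")


def make_code_challenge(verifier: str) -> str:
    """S256 method: BASE64URL(SHA256(ASCII(code_verifier))) with padding removed."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_authorize_url(client_id: str, redirect_uri: str, code_challenge: str,
                        state: str, nonce: str, idp: str = "") -> str:
    """Assemble the /authorize request with the same parameters the post uses."""
    params = {
        "client_id": client_id,
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
        "idp": idp,
        "nonce": nonce,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": "openid",
        "state": state,
    }
    return f"{OKTA_AUTHORIZE}?{urlencode(params)}"


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Return the authorization code from the redirect back to the client.
    Parameters are read from the query string and from the fragment (#code=...).
    A state mismatch is rejected before any error or code is looked at, so a
    callback that does not belong to this session is never acted on."""
    parts = urlparse(callback_url)
    params = {**parse_qs(parts.query), **parse_qs(parts.fragment)}
    got_state = params.get("state", [""])[0]
    if not hmac.compare_digest(got_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this session")
    if "error" in params:
        raise ValueError(f"{params['error'][0]}: {params.get('error_description', [''])[0]}")
    return params["code"][0]
```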

Hi @shouttag_mike

Based on the error, Okta received an authorization code from the identity provider, but could not exchange it back for an access token to authenticate the user. This usually happens if the client ID and/or client secret are incorrect in Okta.

Can you please check the credentials added for the IdP in Okta under administrative panel >> Users >> Social & Identity Providers?

I have no idea what to send to https://dev-446511.okta.com/oauth2/v1/authorize/callback?state=<generated_value>. I’m not trying to exchange anything with Okta at this point; I just want to let Okta know that the user successfully authenticated and should be granted an Okta authorization code so we can use it for an Okta ID and access token.