Error Code E0000015 after following .NET 4.X tutorial

Can anybody advise what the following is caused by?

{“errorCode”:“E0000015”,“errorSummary”:“You do not have permission to access the feature you are requesting”,“errorLink”:“E0000015”,“errorId”:“oae2U7V8B_aQj-RVT8Qg_AOrA”,“errorCauses”:[]}

Looking at fiddler it seems to happen when a request is made to
https://****.okta.com/oauth2/default/.well-known/openid-configuration

I don’t see a call in any of my code for this so assume it is something baked in.

I’m running on Localhost if that is relevant.

How did you get your Okta organization? I think you have an org that doesn’t have the correct feature set.

Did you sign up on developer.okta.com?

No I’m signed up to the 30 day free trial.

Do I need a developer account as well?

Let’s step back for a second. What are you trying to do with your trial?

We have two version of trials @ Okta.

Okta IT Trial - a 30-day limited trial that has features and functionality enabled for the IT product. This is useful for people that want to evaluate Okta for employee administration use-cases. SSO, reducing help desk tickets etc.

Okta API Products Trial - a finite number of user limited trial that has features and functionality enabled for the app developer. This is useful for people building externally facing applications that need to manage their end users and build on top of OAuth 2.0 and OpenID connect.

The IT trial does not have OAuth 2.0 endpoints enabled for the app developer use cases. If you are building an employee based application on the IT Trial, you need to contact Okta at support@okta.com or get in touch with sales to have this functionality turned on.

On a separate thread, I’m going to see if we can get traction on enabling this feature on IT Trials since they are timed, I don’t see the harm.

Also, if you signed up for the wrong trial, mind walking me through the discovery path that led you to sign up?

Hi Tom.

In that case I do have the right product I think. This is for a web based application but one that can only be accessed by our employees.

Another part of the business already uses Okta but I registered on the trial so that I could experiment before going through the process for real.

Does the full IT solution have those features on by default or do I need to register them on our “real” account?

Does the full IT solution have those features on by default or do I need to register them on our “real” account?

It matters what they bought, the pricing for the IT Product is SKU based, so it really matters.

One more question, are you attempting to protect any APIs and need an access_token or are you just interested in authenticating the user so they can SSO into Okta to access to end-user chiclet page?

Sorry I’m not familiar with this term?

This thing:

Ah yeah OK, didn’t know that was it’s name.

Yeah that’s exactly what I’m trying to do, get my application onto that for our employees. We already have lots of other applications on there, Outlook etc.

Change the URL in configuration to:

var authority = "https://{yourOktaDomain}.com";

Note: /oauth2/defaultwas removed

That is the authorization server for your Okta organization. It will return an ID Token for your Okta organization. The custom authorization server /oauth2/default is used for people building non-employee applications where they need to control the access token and issuer of those tokens.

Let me know any other questions!
Tom

I ran into the same problem. After above fix changing the URL fixed the original issue, I am getting an error with token response response at line 75 of https://github.com/oktadeveloper/okta-aspnet-mvc-example/blob/master/OktaAspNetExample/Startup.cs. Error is “not found”.

            AuthorizationCodeReceived = async context =>
            {
                // Exchange code for access and ID tokens
                var tokenClient = new TokenClient(
                    issuer + "/v1/token", clientId, clientSecret);
                var tokenResponse = await tokenClient.RequestAuthorizationCodeAsync(context.ProtocolMessage.Code, redirectUri);

                if (tokenResponse.IsError)    // <---- error occurs here with "not found"
                {
                    throw new Exception(tokenResponse.Error);
                }

issuer is “https://{{myOktaTrialPrefix}}.okta.com/”

To confirm, you are seeing E0000015?

Hi.

Yeah I had the same, but noticed that

var tokenClient = new TokenClient(issuer + "/v1/token", clientId, clientSecret);

Should be

var tokenClient = new TokenClient(issuer + "/oauth2/v1/token", clientSecret);

and

 var userInfoClient = new UserInfoClient(issuer + "/v1/userinfo");

Should be

 var userInfoClient = new UserInfoClient(issuer + "/oauth2/v1/userinfo");

I think.

Give it a try. Worked for me.

1 Like

Thanks Adam. Fixing the other references to add /oauth2 solved the problem.

1 Like

No worries! Glad you are sorted.

1 Like