Looks like the Okta tenant you are using does not have the API Access Management license, which allows you to use custom authorization servers, including the one named default. As long as this is an MVC app and not a WebApi app, you will want to ensure that the Org Authorization Server (available for all orgs, even without the aforementioned license) is used. You’ll see a permissions error if you hit that endpoint in your browser: https://OktaDomain/oauth2/default/.well-known/openid-configuration
If you use our .NET middleware, you’ll want to set AuthorizationServerId to string.Empty, as described in our docs: okta-aspnet/aspnet4x-mvc.md at master · okta/okta-aspnet · GitHub
If you use OWIN etc. directly, make sure the Issuer is JUST the Okta domain (without any trailing /oauth2/default). This server has the following well-known URL: https://oktadomain/.well-known/openid-configuration
More details about the different types of Authorization Servers discussed here: Authorization servers | Okta Developer
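
The configuration described in the reply above, as an added example that is not part of the original post or of the okta-aspnet repository. The `OktaIssuer` helper is hypothetical, and the domain, client values and redirect URIs are placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;
using Microsoft.Owin.Security.Cookies;
using Okta.AspNet;
using Owin;

// Hypothetical helper: derives the issuer that a given setting pair resolves to.
public static class OktaIssuer
{
    // Empty server id -> Org Authorization Server: https://{domain}
    // Non-empty id    -> custom server:            https://{domain}/oauth2/{id}
    public static string Build(string oktaDomain, string authorizationServerId)
    {
        var uri = new Uri(oktaDomain.TrimEnd('/'));
        if (uri.AbsolutePath != "/")
            throw new ArgumentException("OktaDomain must not carry a path such as /oauth2/default.");
        var root = uri.GetLeftPart(UriPartial.Authority);
        return string.IsNullOrEmpty(authorizationServerId)
            ? root
            : root + "/oauth2/" + authorizationServerId;
    }

    public static string DiscoveryUrl(string issuer) =>
        issuer + "/.well-known/openid-configuration";
}

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        const string domain = "https://example.okta.com"; // placeholder org URL
        var serverId = string.Empty; // "default" would select the custom server named default

        // Log the metadata URL so it can be opened in a browser before sign-in is tested.
        Trace.WriteLine(OktaIssuer.DiscoveryUrl(OktaIssuer.Build(domain, serverId)));

        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());
        app.UseOktaMvc(new OktaMvcOptions
        {
            OktaDomain = domain,
            ClientId = "{clientId}",         // placeholder
            ClientSecret = "{clientSecret}", // placeholder
            AuthorizationServerId = serverId,
            RedirectUri = "https://localhost:44314/authorization-code/callback",
            PostLogoutRedirectUri = "https://localhost:44314/",
            Scope = new List<string> { "openid", "profile", "email" },
        });
    }
}
```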