language : C#, .net Core 7
Visual Studio 2022
example : samples-aspnetcore-7x → okta-hosted-login
In ‘App Settings.json’, I changed the OKTA domain to the OKTA domain in service and added the client ID and password.
Then I ran Debug and clicked the Sign in button, but the following error occurred.
If you know the solution, please share.
Which endpoint does it think is being hit here?
This looks like the error you would receive if you try to have our .NET SDK use a Custom Authorization Server (such as the one named Default, which it will try to use automatically) but your Okta Org lacks the necessary license to use such a server.
In which case, you should be able to resolve the error by setting the AuthorizationServerId to
string.Empty, as stated in our documentation here: https://github.com/okta/okta-aspnet/blob/master/docs/aspnetcore-mvc.md#configuration-reference. This will ensure it tries to use the Org Authorization Server instead, which does not require an additional license
Could this problem be caused by a firewall or network blocking?
I’m in development at a company. I’ve set it to allow all outgoing traffic, but if the firewall blocks the incoming connection, could this error occur?
This should be outgoing traffic, but it could be getting blocked.
When I’ve seen this before, the error was related to the SDK/OWIN attempting to reach the discovery/metada endpoint for the authorization server to collect all its endpoint (so it can start making OAuth requests), so this is going to be first request made to Okta to log a user in.
Does the same error reproduce if you test this outside of your companie’s network?
The same error occurred when testing outside the company.
Can you tell which exact URL the library is trying and failing to make a request to?
What do you have configured as the AuthorizationServerID for your application, or are you using the default configuration for okta-aspnet, which is to use the “Default” Authorization Server (see docs)?
If you haven’t set your own AuthorizationServerId in the OktaMvcOptions, it will try to use the Default Authorization Server, whether or not your Okta org is licensed to use this server. If your org lacks the API Access Management license, you can try changing this value to
string.Empty. If you do so, do you still see this error?