Error: InvalidOperationException: IDX20803: and InvalidOperationException: IDX20807


We’re integrating our web app core(Blazor) to Okta but we’re getting this error InvalidOperationException: IDX20803 and IDX20807.

This works using the developer/trial domain but whenever we use the clien’ts Okta domain we get this error. We also used the default sample app for Blazor but we got the same thing. It works only in the developer/trial account and not on the client.

Here is the detailed error:

An unhandled exception occurred while processing the request.

IOException: IDX20807: Unable to retrieve document from: ‘System.String’. HttpResponseMessage: ‘System.Net.Http.HttpResponseMessage’, HttpResponseMessage.Content: ‘System.String’.

Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(string address, CancellationToken cancel)

InvalidOperationException: IDX20803: Unable to obtain configuration from: ‘System.String’.

Microsoft.IdentityModel.Protocols.ConfigurationManager.GetConfigurationAsync(CancellationToken cancel)

What we are missing here? Thanks!


Can you try making a GET request to the discovery endpoint for the issuer you’re using?

If you see the error message "You do not have permission to access the feature you are requesting" then it could mean your org doesn’t have the API Access Management feature. In that case, you can try using the Org authorization server or reach out to your account manager to purchase the API Access Management feature.

I tried a GET request from default Custom Authorization Server and got the “You don’t have permission to access …” error

https://${yourOktaDomain}/oauth2/default/.well-known/openid-configuration (using our client Okta domain)

I tried also to have a GET request using this Org Authorization Server which has a json reply with all the parameters


Our client says they don’t use the Custom Authorization and is using Org Authorization Server. They said they don’t have API Access Management feature.

Also, a follow-up question: If they are using Org Authorization server, does it has different implementation from you sample app where we defined the parameters in appsettings.json?

“Okta”: {
“OktaDomain”: “{client domain}”,
“ClientId”: “{client id}”,
“ClientSecret”: “{client secret}”,
“AuthorizationServerId”: “default”

To use the org authorization server, you’ll want to set AuthorizationServerId to string.Empty.

We finally got it worked! Since the client is using the Org Authorization server, you have to refer it as Authorizationserver in the appsettings parameter then the value is the Client domain itself.

Thank you all.

1 Like

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.