Error: You do not have permission to access the feature you are requesting

I’m trying to configure a redirect auth flow integration for the Graphweaver open source project using @okta/okta-auth-js.

I’ve created a trial and configured a SPA application using the Okta CLI.

When I attempt to log in I get the following error:

{
    "errorCode": "E0000015",
    "errorSummary": "You do not have permission to access the feature you are requesting",
    "errorLink": "E0000015",
    "errorId": "oaelqgwAC8wQNqPdQha4FsaMA",
    "errorCauses": []
}

Source code for the integration, in particular the calls to the @okta/okta-auth-js library, is here: graphweaver/src/packages/auth-ui-components/src/components/okta/login/component.tsx at feature/okta-auth · exogee-technology/graphweaver · GitHub

I have followed the steps in this guide, "Sign users in to your SPA using the redirect model | Okta Developer", except that I don’t want to use the okta-react library as we integrate with many auth providers, so we just want to treat this as a standard JWT with a JWKS URI.

How do I get the flow to work?

Can you try setting the issuer for the OktaAuth client to just your Okta domain URL (e.g. https://example.okta.com) and see if you still get the same error?

Yup, I found that in a different thread and tried it. Different but equally blocking error.

Ok, I figured you’d want a reproduction case, so here you go: https://codesandbox.io/p/sandbox/66hjm5

As you can see from that code example:

  • The issuer is just the trial Okta domain.
  • The client ID is an SPA configured in our Okta domain.
  • Clicking the Login button gives the error:
AuthApiError
You do not have permission to perform the requested action
    at v (https://66hjm5.csb.app/node_modules/okta/okta-auth-js/umd/default.js:2:82099
    at eval (https://66hjm5.csb.app/node_modules/okta/okta-auth-js/umd/default.js:2:84769

If I remove the issuer the error says:

No issuer passed to constructor. Required usage: new OktaAuth({issuer: "https://{yourOktaDomain}.com/oauth2/{authServerId}"})

So if I follow that requirement, I get the issuer as I’ve put there commented out. When I uncomment this line I get:

You do not have permission to access the feature you are requesting

Can you please fork that CodeSandbox and correct it so that it works?
