Getting error while trying to log in using Okta

Getting this error while trying to log in using Okta

Here is all the Okta app configuration

It gets logged in when I try to sign in by selecting the option "sign in using Gmail". It first takes me to my company's Okta login portal and then, when I have logged in successfully, it redirects to the Okta admin portal.
It should have stayed on the same page and returned the logged-in user name.
Then I hit the same endpoint to log in, which is localhost:8888/ride-share/api; this endpoint and all other endpoints are accessible.

Can someone please help me out in this matter.
I'm badly stuck in it and can't find my way out of it.

I have followed this article

Hello,

It looks like the user status may not be active, hence the authn request has failed.

Could you try to reset the password/reactivate the user and test again?

If you still face issues, please create a Support case.

Thanks!

@gpadma my user is in "reset password" status,

not in active status.

How do I change it?

Hi @inamkhan94 ,

You could try to do "Reset Password" for this user from the Okta dashboard and complete the action to bring the user back to Active status.


Hi @gpadma thanks for replying.

I added one more account and assigned it to my Okta app; I am now able to log in using the newly added account.

But the weird thing is that all GET endpoints are accessible, but POST endpoints are returning forbidden (403) access.

My Okta app's grant types are authorization code and client credentials.

Sounds good @inamkhan94 .

Which endpoints are returning 403? If you have the logs, create a Support case for assistance.

Working fine now @gpadma

I have gotten an auth code using the authorize endpoint and then passed the auth code to the token endpoint to get a token, then passed it in the header as a bearer token, and the APIs are accessible.
But there are two tokens: access token and API token.
Can you tell me the difference between the two of them?

When I used audience in place of client secret and client ID in my Spring Boot app configuration file, hitting any endpoint does not redirect to the Okta sign-in widget, but when I used client ID and secret in the application configuration file, it redirects to the Okta sign-in page first.
Is this normal behaviour? Can you explain this?

I have one more question @gpadma.

Is it possible to set endpoint-level authorisation specific to a user, like we define roles?

There are a couple of solid guides here about the difference between ID Tokens (which will/can contain information about the user logged in, such as their first & last name) and Access Tokens (what the given user is allowed to access):
https://oauth.net/id-tokens-vs-access-tokens/

Can you expand on what you were saying about configuring the audience in place of the client ID/Secret? Configuring the audience is related to how the user's tokens are validated, as the Access Token will contain an aud claim matching the configured Audience for the server, and your application/receiving resource server/API should be making sure that the aud it sees in the Access Token matches the one it expected (to ensure that the right Authorization Server was used to issue the user's token).
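As an added illustration of the aud check described in the reply above (example code, not from the thread or from Okta's SDKs), the following resource-server-side validation verifies the token signature first and then pins the issuer, audience and expiry. The issuer, audience and signing key are constructed assumptions; a real Okta deployment would verify RS256 signatures against the org's JWKS endpoint rather than the local HS256 key used here.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed values: the issuer, audience and key are assumptions for this
# example, not values from the thread. Okta signs access tokens with RS256 and
# publishes the public keys via JWKS; HS256 with a local key stands in here.
EXPECTED_ISSUER = "https://example.okta.com/oauth2/default"
EXPECTED_AUDIENCE = "api://default"
DEMO_KEY = b"constructed-demo-hmac-key"


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_demo_token(claims: dict) -> str:
    """Build an HS256 JWT from constructed claims (test input only)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(DEMO_KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def validate_access_token(token: str, now=None) -> dict:
    """Verify the signature, then iss, aud and exp; raise ValueError on failure."""
    now = time.time() if now is None else now
    header_b64, body_b64, sig_b64 = token.split(".")
    # Pin the algorithm instead of trusting whatever the token header claims.
    if json.loads(_b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(DEMO_KEY, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(body_b64))
    if claims.get("iss") != EXPECTED_ISSUER:
        raise ValueError("wrong issuer")
    # aud may be a string or a list; this resource server must be listed.
    aud = claims.get("aud")
    if EXPECTED_AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("aud does not match this resource server")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    return claims
```

A token minted for a different audience (for example another API in the same org) fails the aud check even though its signature and issuer are valid, which is the mix-up the reply above is warning about.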