How to add Authorization server id in the authorize url


I am trying to get my authorize URL looking like https://${yourOktaDomain}/oauth2/${authorizationServerId}/v1/authorize like mentionned in the document, because I am using a custom authorization server and I need to get custom scopes.

However, after trying different combinations between the issuer and the discoverUri parameters in the createConfig method, my authorize URL keeps looking like
/oauth2/v1/authorize?scope=custom_scope&response_type=... (without the auth server ID that I am trying to add), according to the admin console

My createConfig is like the following :

  await createConfig({
    clientId: '0oaxxxxxxxxxxxxxxxxx',
    redirectUri: '',
    endSessionRedirectUri: '',
    issuer: '',
    discoveryUri: '',
    scopes: ['custom_scope', 'openid'],
    browserMatchAll: true,

I tried removing the issuer, adding /v1/authorize, etc…
I am getting this error
{"error_code": "-600", "error_message": "Authorization error"}

and the console specifies that it is a “illegal_custom_scope” failure

Thank you for your help.

1 Like

Hello @Valentin,

What library/SDK are using, (React Native)?

The issuer setting you have looks correct.
For the discoveryUri should be one of,


Both of the above URLs will list the authorization server endpoints / capabilities.


@erik’s example is perfect if you’re using the default auth server.

If you’re using a custom auth server, replace default in @erik’s example with auth server identifier. e.g.

Perhaps double check which auth server you’ve setup the access policies / scopes under?

1 Like

Thank you for your answers.

I omitted to specify that I am indeed on react-native (0.67.5) and I am using the latest version of the okta lib (@okta/okta-react-native 2.7.0).

@erik These URLs works well if I try them manually with Postman, but the problem is that I can not add my auth server id in the authorize URL via the library, and so I am having authorization error when I try to get a custom scope.

Thanks again for your help.

1 Like

Have you tried using the below for discoveryUri,

discoveryUri: '',
1 Like

Yes, I just tried but I got the same result (“Authorization error”).

After a quick look in the lib source, I noticed this sample of code

  const { origin } = new Url(discoveryUri);

  oktaAuthConfig = {
    storageManager: {
      token: {
        storageProvider: storageProvider
    issuer: issuer || origin,

  authClient = new OktaAuth(oktaAuthConfig);

so maybe that’s why whatever I put in the discoveryUri, it will be overwritten by the “origin” of the URL.
I also tried the value you suggested for the issuer, but I am getting the same result again.

Thanks again for your time

1 Like

Perhaps try to set:
issuer: 'https://{yourOktaDomain}/...',

As per GitHub - okta/okta-signin-widget: HTML/CSS/JS widget that provides out-of-the-box authentication UX for your organization's apps?

You could add some console logging to test your hypothesis if its being overridden or not.