Identity Server - Login Looping

We have .net Core Identity Server set up. I can point to Okta and Login but getting two scenarios:
1. In my config if I do this order
app.UseIdentityServer();
app.UseAuthorization();
I can log into Okta and then call back I get this error - “InvalidOperationException: sub claim is missing
Duende.IdentityServer.Hosting.IdentityServerAuthenticationService.AssertRequiredClaims(ClaimsPrin
cipal principal) in IdentityServerAuthenticationService.cs, line 106”

  1. If I switch order and run, I log into Okta but this time the callback loops and I can see the code_challenge parameter in the URL keep changing…

Im looking to see which order the calls should be but then also how to fix the error base on that order.

thanks