IDX20804: Unable to retrieve document from: '[PII is hidden]'

Good afternoon everyone.

So, when I’m using of my developer account, the application works properly, following this tutorial: http://www.macaalay.com/2018/10/11/adding-okta-authentication-with-your-mvc-application-is-easy/

But when I change the configuration to use our payed domain, I got the error:

[HttpRequestException: Response status code does not indicate success: 401 (Unauthorized).]
System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode() +211
Microsoft.IdentityModel.Protocols.d__8.MoveNext() +720

[IOException: IDX20804: Unable to retrieve document from: ‘[PII is hidden]’.]
Microsoft.IdentityModel.Protocols.d__8.MoveNext() +1167
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.IdentityModel.Protocols.OpenIdConnect.d__3.MoveNext() +388
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.IdentityModel.Protocols.d__24.MoveNext() +865

[InvalidOperationException: IDX20803: Unable to obtain configuration from: ‘[PII is hidden]’.]
Microsoft.IdentityModel.Protocols.d__24.MoveNext() +1570
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.OpenIdConnect.d__c.MoveNext() +706
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Infrastructure.d__40.MoveNext() +349
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Infrastructure.d__39.MoveNext() +447
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Infrastructure.d__34.MoveNext() +196
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Infrastructure.d__5.MoveNext() +929
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Infrastructure.d__5.MoveNext() +735
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Mapping.d__3.MoveNext() +825
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.StageAsyncResult.End(IAsyncResult ar) +117
System.Web.AsyncEventExecutionStep.InvokeEndHandler(IAsyncResult ar) +225
System.Web.AsyncEventExecutionStep.OnAsyncEventCompletion(IAsyncResult ar) +159

I saw some similar questions here on forum, but none of them resolved my problem.
There is some option that I need to enable?

Both domains have the same application configuration, same CORS/Redirects…

Any idea?

Thanks.

Hi @lucaslorensetti

Can you please open a support case with us by sending an email to developers@okta.com to have this further investigated?

Good afternoon.

So, with Dragos help, we found the root of issue.

When we’re using a Developer account, we’ve a Authorization Server with the name “default” (you can check under Security > API > Authorization Servers.

As you can see here https://github.com/okta/okta-aspnet/blob/c88b2ecce4bb006adcb3f095a5af0a1b73142d5a/Okta.AspNet.Abstractions/OktaWebOptions.cs#L12 by default the Okta.AspNet nuget package use that if we don’t set some value.

The okta non developer domains doesn’t have that Authorization Server option enabled by default, so, also we don’t have the “default” Authorization Server.

That means if you’re using the developer domain, you can left the default value if you want, otherwise should be null when we setup the “UseOkta” on Owin Startup.cs.

That’s all. Thanks.

Hi Dragos,

Mine is also a similar case When connected to the public okta application works well.
But while connecting to the non public okta I am getting the below error.
[InvalidOperationException: IDX20803: Unable to obtain configuration from: ‘[PII is hidden]’.]
Microsoft.IdentityModel.Protocols.d__24.MoveNext() +1211
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.OpenIdConnect.d__8.MoveNext() +547
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Infrastructure.d__40.MoveNext() +349
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Infrastructure.d__39.MoveNext() +447
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Infrastructure.d__34.MoveNext() +196
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Infrastructure.d__5.MoveNext() +929
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.d__7.MoveNext() +197
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Infrastructure.d__5.MoveNext() +735
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.d__7.MoveNext() +197
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.d__12.MoveNext() +192
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.StageAsyncResult.End(IAsyncResult ar) +117
System.Web.AsyncEventExecutionStep.InvokeEndHandler(IAsyncResult ar) +225
System.Web.AsyncEventExecutionStep.OnAsyncEventCompletion(IAsyncResult ar) +159

Thanks.

Hi @Pooja

Can you please send an email to developers@okta.com to further investigate this issue?

Pooja, did you find a solution to this problem? I am also stuck at the same issue.