Invalid_social_token - Could not acquire access token from authorization code 2

I have created an API gateway to plug an OIDC-like system into Okta as an IDP.

Now I am stuck at the token API; the Okta authorization server keeps saying it cannot acquire the access token.

I have already implemented the token API; its response looks like:

{
  "access_token": "eyJraWQiOiI4ZmVmM",
  "id_token": "eyJraWQiOiI4",
  "token_type": "Bearer",
  "expires_in": 3600,
  "scope": "openid"
}

and the id_token payload looks like this:

{
  "aud": "<client id in Okta IDP config>",
  "sub": "<The id from the idp>",
  "auth_time": "<auth time from the idp>",
  "iss": "<issuer in Okta IDP config>"
}

I have also checked that the API works fine without connecting to Okta.
In addition, exactly the same settings work in the UAT environment.
The problem occurs when setting up the production environment.

Any idea what config I might have missed?
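As an added illustration (not code from the question or from Okta), the script below reproduces the checks a relying party such as Okta performs on a token response before it accepts the login: the response must carry access_token, token_type "Bearer" and id_token, and the id_token must verify and contain the claims OIDC Core 1.0 requires (iss, sub, aud, exp, iat), with iss and aud matching the IdP configuration and exp/iat/auth_time as integer NumericDates. The issuer, client_id, signing secret and user id are constructed placeholders; HS256 with a shared secret is used only so the example runs offline, where a production IdP would sign with RS256 and publish a JWKS. It also encodes the four-claim payload shape from the question to show which checks that shape would trip.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed relying-party configuration (placeholders, not real Okta values).
RP_CONFIG = {
    "issuer": "https://idp.example.test",          # must equal the IdP's iss claim
    "client_id": "client-id-configured-in-okta",   # must appear in the IdP's aud claim
    "hmac_secret": b"constructed-shared-secret",   # HS256 only for this self-contained demo
}

# Claims OIDC Core 1.0 section 2 requires in every ID Token.
REQUIRED_ID_TOKEN_CLAIMS = ("iss", "sub", "aud", "exp", "iat")


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_id_token(claims, secret):
    """Mint a compact HS256 JWT from claims (demo signing, not a production IdP's method)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def check_token_response(response, config, now=None):
    """Return the problems a relying party would report; an empty list means the response is acceptable."""
    now = int(time.time()) if now is None else now
    problems = []
    for field in ("access_token", "token_type", "id_token"):
        if field not in response:
            problems.append(f"token response missing '{field}'")
    if problems:
        return problems
    if str(response["token_type"]).lower() != "bearer":
        problems.append("token_type must be 'Bearer'")

    parts = response["id_token"].split(".")
    if len(parts) != 3:
        return problems + ["id_token is not a three-part compact JWT"]
    header_b64, body_b64, sig_b64 = parts
    expected = hmac.new(config["hmac_secret"], f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        problems.append("id_token signature does not verify")
    try:
        claims = json.loads(_b64url_decode(body_b64))
    except ValueError:
        return problems + ["id_token payload is not valid JSON"]

    for claim in REQUIRED_ID_TOKEN_CLAIMS:
        if claim not in claims:
            problems.append(f"id_token missing required claim '{claim}'")
    if "iss" in claims and claims["iss"] != config["issuer"]:
        problems.append(f"iss '{claims['iss']}' does not match configured issuer")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if "aud" in claims and config["client_id"] not in audiences:
        problems.append("aud does not contain this client_id")
    if "sub" in claims and not claims["sub"]:
        problems.append("sub must be a non-empty string")
    # exp, iat and auth_time are NumericDate values: integer seconds since the epoch, not strings.
    for numeric in ("exp", "iat", "auth_time"):
        if numeric in claims and not isinstance(claims[numeric], int):
            problems.append(f"'{numeric}' must be a NumericDate (integer seconds), got {type(claims[numeric]).__name__}")
    if isinstance(claims.get("exp"), int) and claims["exp"] <= now:
        problems.append("id_token has expired")
    return problems


def good_response(now=None):
    """A token response that passes every check (constructed sample values)."""
    now = int(time.time()) if now is None else now
    claims = {"iss": RP_CONFIG["issuer"], "sub": "user-123", "aud": RP_CONFIG["client_id"],
              "exp": now + 3600, "iat": now, "auth_time": now}
    return {"access_token": "constructed-opaque-access-token",
            "id_token": make_id_token(claims, RP_CONFIG["hmac_secret"]),
            "token_type": "Bearer", "expires_in": 3600, "scope": "openid"}


def post_shaped_response(now=None):
    """Mirrors the four-claim id_token payload in the question, with auth_time as a string."""
    now = int(time.time()) if now is None else now
    claims = {"aud": RP_CONFIG["client_id"], "sub": "user-123", "auth_time": str(now), "iss": RP_CONFIG["issuer"]}
    return {"access_token": "constructed-opaque-access-token",
            "id_token": make_id_token(claims, RP_CONFIG["hmac_secret"]),
            "token_type": "Bearer", "expires_in": 3600, "scope": "openid"}


if __name__ == "__main__":
    print("good response problems:", check_token_response(good_response(), RP_CONFIG))
    print("post-shaped response problems:", check_token_response(post_shaped_response(), RP_CONFIG))
```

Running the script lists no problems for the complete response and, for the post-shaped one, the absent exp and iat claims plus the string-typed auth_time; when an IdP logs only "could not acquire access token", walking the response through checks like these on your own side is a quick way to narrow down which requirement the production endpoint is not meeting.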

Hello,

To verify I understand the use case: you have a system that is acting as an OIDC provider and have registered it as a generic OIDC IdP in your Okta org.

  • In UAT this is working and users can log in via this OIDC provider.
  • In Production Okta is giving an error "unable to acquire access token"?

If the above is correct, when Okta makes a request to the /token endpoint of your OIDC provider, do you see the call? If so, and all the Okta system log shows is "unable to acquire access_token", it might be helpful to have Okta support check the logs to see if any more information is provided.

Can you provide the Org URL and id of the IDP that is registered in Okta? If you don’t want to share that info on the forum you could either open a support case or I could message you.

Thank you,
