Issue with okta_post_message responce mode giving error

we are seeing issue with okta_post_message response mode . the URL works fine with query.

we re using custom domain in our org. issuer also set to

Both redirect url also in same domain.

Below is the URL we are trying on browser and it get struck on the browser not going anywhere. profile

Below is the error showing in developer tool.

Failed to execute ‘postMessage’ on ‘DOMWindow’: The target origin provided (‘’) does not match the recipient window’s origin

Did any one faced similar. Please let me know why it’s not working with okta_post_message .

When using okta_post_message, t is expected/required that the domain making the /authorize redirect should match the one that will receive the authorization code, aka the redirect_uri, see our docs for reference:

okta_post_message is an adaptation of the Web Message Response Mode (opens new window). This value provides a secure way for a single-page application to perform a sign-in flow in a pop-up window or an iFrame and receive the ID token, access token, and/or authorization code back in the parent page without leaving the context of that page. The data object for the postMessage call is in the next section.

Note: The value of the targetOrigin parameter for postMessage() specifies what the origin of parentWindow must be for the event to be dispatched (this is enforced by the browser). The okta_post_message response mode always uses the origin from the redirect_uri specified by the client. This is crucial to prevent the sensitive token data from being exposed to a malicious site.