Native Application Authentication Flow


I’ve found a few topics on this but they seem to reference code snippets that are not there and things appear to have changed and or are out of date.

We’re building a number of native applications which do not have browser components.

We figure our flow is like this:

  1. api/v1/authn (works)
  2. Detect Factor
  3. Activate Factor
  4. Verify Factor (and for push a poll to check status)
  5. /oauth2/v1/authorize/ Get Authorization Code + ID Token. (fails)

This is where we run into difficulty. Having configured our application as Native and having configured all the grant types we attempt an authorize:

/oauth2/v1/authorize?client_id=&response_type=code id_token&response_mode=fragment&scope=openid&redirect_uri=com.oktapreview.:/callback&state=moot&nonce=123123123232233232&sessionToken=

The issue is we then get a:

Identity Provider: Unknown

Error Code: invalid_request

Description: The 'redirect_uri' parameter must be a Login redirect URI in the client app settings:

We’ve lifted the generated the “Sign in redirect URIs” directly from Okta admin portal.

What are we missing?


@DeveloperBod What is the redirect URI you set in your OIDC app? And did you configure any redirect URI in your code?
Any docs you are following now?