OAUTH_ERROR while using Okta widget with g+ signin

Hi there
I am using the Okta widget with social login, G+. After authenticating with G+ I get the following error

“OAUTH_ERROR: The authorization server encountered an unexpected condition that prevented it from fulfilling the request”

I don’t see any error in the Okta system log or G+ error logs.

I am passing the baseUrl, clientId (defined as OIDC app in Okta) and redirectUri, also defined in the OIDC app and Idp id as defined in my Okta preview as g+ Identity Provider.

I would appreciate your help

What is your Okta Org URL? You should also have a x-okta-request-id HTTP header in your response that would be helpful for troubleshooting.

Okta Org URL: https://dev-284655.oktapreview.com

I don’t see any x-okta-request-id HTTP header in the response

Thanks for your help!

Please see my reply…

Something seems odd. What are you doing in your widget success callback? I see a request to GET /login/sessionCookieRedirect?checkAccountSetupComplete=true&token=******&redirectUrl=http%3A%2F%2Flocalhost%3A8080%2FTestOKTADyna%2Fmain.html%23state%3DMY_STATE_123456711891111%26error%3Dserver_error%26error_description%3DThe%2Bauthorization%2Bserver%2Bencountered%2Ban%2Bunexpected%2Bcondition%2Bthat%2Bprevented%2Bit%2Bfrom%2Bfulfilling%2Bthe%2Brequest.

This doesn’t seem right. You shouldn’t need to hit sessionCookieRedirect for an OAuth request.

You you also make sure you are NOT trying to assign the user to Everyone group as part of your Google IdP config?

I removed the Everyone group from Idp configuration and worked like a chime…

Thanks for your help but I don’t understand why it does not work for Everyone group assignment!

Everyone group is a read-only group. Membership is implicit. We have a open bug in the backlpg to prevent you from selecting Everyone in the picker.

Great, thanks a lot for your help.