OKTA issue while application is logging in

I am using Authorization grant type-authorization code in my java application (not sping boot).

I have the below issue.

  1. In browser enter okta server url
  2. okta authenticates
  3. now it enters into okta console and shows all the applications that user have proper access to
  4. I clicked on my application → it takes me to my application properly.
  5. I just clicked X to close the tab.
  6. Then again I clicked on application, its not returning access token and id token. It throws 400 error when i call /token endpoint.
  7. Then I clicked on X to close the tab.
    8 I did the same step 6 & 7, it worked good…
  8. Again step 6 & 7, it throws me 400 error.

Summary, it works good alternatively. I am not sure what is happening.

When I check log in okta server, there is no scope defined when it throws 400 error. It passes scopes correctly alternatively. Is this something to do with this issue?

Are you able to log what error message you get for /token endpoint?

Yes, I am seeing the below message.
java.io.IOException: Server returned HTTP response code: 400 for URL: https://XXX.oktapreview.com/oauth2/<auth_id>/v1/token

Hi Angeline, can you DM your org details so I can take a look at the system logs?

Thanks for all the responses.

Found the issue. Looks like okta code is becoming invalid when tab is closed and when i try to use the old okta code it threw me 400 error. Changed my code flow to get new okta code whenever the application is triggered from okta dashboard. That solved the problem.

That makes sense.

According to the docs, the code expires after 300 seconds.
Implement authorization by grant type | Okta Developer.

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.