Okta-Okta OIDC external IDP does not work

In order to verify a solution to connect two Okta accounts via an OIDC IDP, I applied for two Okta trial accounts: trial-8865512 and trial-3095688. trial-8865512 has an SPA (Single Page Application) App1, authenticated with PKCE. trial-3095688 has an SPA (Single Page Application) App2, also authenticated with PKCE.
All my users are stored in trial-3095688; now I added trial-3095688 as an OIDC external IDP of trial-8865512.
My purpose is that once a user is logged into App2 (with trial-3095688), the user can be single signed on to App1 (via the OIDC external IDP).
I added an IDP routing rule so that all users who are accessing App1 will be routed to trial-3095688 for authentication.

Now when I try to access App1, the browser is redirected to trial-3095688 for authentication; after the user logs in successfully, when the browser is redirected back to trial-8865512, it shows the error message: Error: Could not acquire access token from authorization code.

Can anyone help check what’s the root cause of this error? Thanks in advance.

The specific error “Could not acquire access token from authorization code” typically occurs during the token exchange process of the OAuth flow.

You can verify the following:

  1. In trial-8865512:
  • Go to Security > Identity Providers > Add Identity Provider > OpenID Connect
  • Locate the Token endpoint field
  2. In trial-3095688:
  • Navigate to Security > API
  • Find the Token endpoint under the “OAuth 2.0” section
  3. Compare the two URLs:
  • Ensure they match exactly
  • Check for any discrepancies in:
    • Protocol (https://)
    • Subdomain
    • Domain
    • Path
    • Any trailing slashes
  4. If any differences are found, update the token endpoint URL in trial-8865512 to match trial-3095688 precisely.

Note: Even minor discrepancies can cause token exchange failures, so double-check the entire URL carefully.
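The comparison described in the steps above, as an added example that is not part of this thread or of Okta's own tooling: it reads the `token_endpoint` that the IdP-side org publishes in its standard OIDC discovery document and reports exactly which component (protocol, subdomain, domain, path, trailing slash) differs from the value configured on the SP-side org. The discovery document below is a constructed sample; `fetch_discovery` is only for running the check live against a real org.

```python
"""Compare a configured OIDC token endpoint against the one the IdP publishes."""
import json
from urllib.parse import urlsplit
from urllib.request import urlopen

# Constructed sample of what an Okta org (here trial-3095688, org authorization
# server) publishes at <issuer>/.well-known/openid-configuration.
DISCOVERY_DOC = json.dumps({
    "issuer": "https://trial-3095688.okta.com",
    "authorization_endpoint": "https://trial-3095688.okta.com/oauth2/v1/authorize",
    "token_endpoint": "https://trial-3095688.okta.com/oauth2/v1/token",
    "jwks_uri": "https://trial-3095688.okta.com/oauth2/v1/keys",
})


def fetch_discovery(issuer: str) -> str:
    """Live variant (needs network): fetch the IdP's OIDC discovery document."""
    with urlopen(issuer.rstrip("/") + "/.well-known/openid-configuration") as resp:
        return resp.read().decode()


def discovered_token_endpoint(doc_json: str) -> str:
    """Token endpoint as published by the IdP (the value the SP must match)."""
    return json.loads(doc_json)["token_endpoint"]


def compare_endpoints(configured: str, discovered: str) -> dict:
    """Return {component: (configured, discovered)} for every mismatch.

    An empty dict means the two URLs match exactly. A path that differs only by
    a trailing slash is reported separately, since Okta treats it as different.
    """
    a, b = urlsplit(configured.strip()), urlsplit(discovered.strip())
    diffs = {}
    if a.scheme != b.scheme:
        diffs["protocol"] = (a.scheme, b.scheme)
    a_sub, _, a_dom = (a.hostname or "").partition(".")
    b_sub, _, b_dom = (b.hostname or "").partition(".")
    if a_sub != b_sub:
        diffs["subdomain"] = (a_sub, b_sub)
    if a_dom != b_dom:
        diffs["domain"] = (a_dom, b_dom)
    if a.path.rstrip("/") != b.path.rstrip("/"):
        diffs["path"] = (a.path, b.path)
    elif a.path != b.path:
        diffs["trailing slash"] = (a.path, b.path)
    return diffs


if __name__ == "__main__":
    # Configured value with a stray trailing slash, as a typical copy/paste error.
    configured = "https://trial-3095688.okta.com/oauth2/v1/token/"
    print(compare_endpoints(configured, discovered_token_endpoint(DISCOVERY_DOC)))
```

If the IdP org uses a custom authorization server, its issuer (and therefore the published token endpoint path) differs from the org authorization server's, so take the issuer from the same place the IdP configuration points at.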
