Okta React + embedded SignIn Widget returning

Any users assigned either via groups assigned to the app, or via ‘Everyone’ group or via individual assignments do not work, returning 401 error.

App.js →

const history = useHistory();

  const customAuthHandler = () => {

  const restoreOriginalUri = async (_oktaAuth, originalUri) => {
    history.replace(toRelativeUrl(originalUri || '/', window.location.origin));

return (
          <Route exact path="/" render={() => <Home />} />
          <Route path="/login" render={() => <Login />} />
          <Route path="/login/callback" component={LoginCallback} />
          <SecureRoute path="/users" render={() => <List />} />

The login page has the default embedded Okta SignIn Widget as mentioned in the react okta docs here - Sign in to your SPA with the embedded Okta Sign-In Widget | Okta Developer
(the mentioned src/Login.jsx and src/OktaSignInWidget.jsx are almost similar)

Following is config.js

export const securityConfig = {
    oidc: {
        issuer: 'https://{domain}/oauth2/default',
        clientId: 'clientId',
        scopes: ['openid', 'profile', 'email', 'address', 'phone', 'offline_access'],
        redirectUri: 'http://localhost:3000/login/callback'
    widget: {
        issuer: 'https://{domain}/oauth2/default',
        clientId: 'clientId',
        redirectUri: 'http://localhost:3000/login/callback',
        scopes: ['openid', 'profile', 'email', 'address', 'phone', 'offline_access'],
        useInteractionCodeFlow: true,
        colors: {
            brand: '#44acac'

What do I seem to be missing here, the okta react widget is almost identical to the one in the docs, any users used are assigned to the app in one way or the other yet the widget shows access denied. Is this a generic message which is displayed for many errors? Any help would be appreciated.

Sign-on Policy evaluation is AUTHENTICATE and Result is ALLOW in okta logs, not sure what then is failing exactly
Update: the following call is failing - POST https://dev-38323351.okta.com/idp/idx/identify

I was able to fix the issue, as I was using Interaction code, I had to enable it in the Okta admin dashboard. To do this go to

Security > API > Authorization server > Default auth server > Access Policies > Default Policy Rule > Edit Rule > Select Interaction Code checkbox if unselected

Your auth server/access policy/Rule may be different according to your use case but I am using all defaults.

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.