Okta Widget Issues w/ renderEl

error: The ‘redirect_uri’ parameter must be an absolute URI that is whitelisted in the client app settings.

  • I’m not administering the Okta setup, but am told the domain is set up in the trusted, and have seen a screenshot of the login redirect URI (points to correct location).

  • If you reload the page, after getting the dev console error msg above, everything works ok (I assume the cookie is set?)

  • Same code runs OK on dev, submitting to domain.oktapreview.com without this issue

  • This only occurs if they log in to the local login form, does not occur if they are coming in from Okta dashboard (3p c I assume)

  • I’ve reviewed the other redirect_uri issues and have done some of that (lowercase, ask admin to check settings etc)

abbreviated/cleaned code:

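    signIn.renderEl(
        {
            el: '#oktaWidget'
        },
        function success(resp) {
            // Look up the signed-in user with the Okta session cookie
            var oktaUserInfo = getOktaUser();

            oktaUserInfo.done(function (res) {
                // Local name differs from ckOkta(): a hoisted "var ckOkta"
                // would shadow the function and make this call throw
                var ckOktaReq = ckOkta(res);

                ckOktaReq.done(function (ckOktaRes) {

                    // business logic then
                    // write a hidden form and pass to normal app login processing

                });
            });

            return;
        }
    );


    // GET /api/v1/users/me for the current session; withCredentials
    // makes the browser send the Okta session cookie cross-origin
    function getOktaUser() {
        return $.ajax({
            type: "get",
            url: oktaURL + "/api/v1/users/me",
            xhrFields: {
                withCredentials: true
            }
        });
    }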

Hello Mork,

When you see this error on Okta, go to your browser’s address bar and copy the URL. Paste it into an editor that makes it easier to read the whole thing. Look for the redirect_uri parameter and you’ll see what it is sending to Okta. Make sure that value is registered for your app and everything should work.

Hope this helps,

Matt

Hi @Mork

Besides the use-case provided by Matt, this error can occur also if the wrong redirect_uri is sent, for example:

  • preview environment was copied to prod, but redirect_uri was not updated correctly (either in the application or in prod tenant in Okta)
  • the redirect_uri is on http/https and the URL in Okta is on https/http
  • the redirect_uri contains a trailing slash
  • the redirect_uri in the app and/or Okta does not have the full path to the callback endpoint, while on the other side it’s added

I’ve confirmed the ‘Login Redirect URI’ is the same as the URI in the request (other than the URL encoding). I’m still getting the whitelist redirect_uri in the client error. Any other thoughts?

There is no trailing slash on either side, the redirect points to a file name.

There were a couple letters that didn’t match the case. Silly, but fixed. Thank you for the help.
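
The check described in the replies, as an added example that is not part of the original thread: it decodes redirect_uri from a copied authorize URL and reports how it differs from each registered value (scheme, host, trailing slash, letter case, path). All URLs, the registered list and the function names are constructed for illustration, and the exact string comparison is an assumption based on how the thread was resolved.

```javascript
// Added example. Every URL below is a constructed sample value.
const SAMPLE_AUTHORIZE_URL =
  'https://idp.example.com/oauth2/v1/authorize?client_id=CONSTRUCTED' +
  '&response_type=id_token&state=abc' +
  '&redirect_uri=https%3A%2F%2Fapp.example.com%2FLogin%2Fcallback.html';
const SAMPLE_REGISTERED = [
  'http://app.example.com/login/callback.html/',
  'https://app.example.com/login/callback.html',
];

// Decode the redirect_uri query parameter from the copied authorize URL.
function extractRedirectUri(authorizeUrl) {
  return new URL(authorizeUrl).searchParams.get('redirect_uri');
}

// List why `sent` is not identical to `registered` (exact match is assumed).
function explainMismatch(sent, registered) {
  if (sent === registered) return [];
  let a, b;
  try { a = new URL(sent); b = new URL(registered); }
  catch (e) { return ['not an absolute URI']; }
  const reasons = [];
  if (a.protocol !== b.protocol) reasons.push('scheme');
  if (a.host !== b.host) reasons.push('host');
  if (sent.endsWith('/') !== registered.endsWith('/')) reasons.push('trailing slash');
  const pa = a.pathname.replace(/\/+$/, ''), pb = b.pathname.replace(/\/+$/, '');
  if (pa !== pb) reasons.push(pa.toLowerCase() === pb.toLowerCase() ? 'letter case' : 'path');
  if (reasons.length === 0) {
    // URL parsing lowercases scheme and host, so compare the raw strings too.
    reasons.push(sent.toLowerCase() === registered.toLowerCase() ? 'letter case' : 'other');
  }
  return reasons;
}

// Compare the sent value with each registered URI, closest candidate first.
function diagnose(authorizeUrl, registeredUris) {
  const sent = extractRedirectUri(authorizeUrl);
  const candidates = registeredUris
    .map((registered) => ({ registered, reasons: explainMismatch(sent || '', registered) }))
    .sort((x, y) => x.reasons.length - y.reasons.length);
  return { sent, exactMatch: candidates.some((c) => c.reasons.length === 0), candidates };
}

console.log(JSON.stringify(diagnose(SAMPLE_AUTHORIZE_URL, SAMPLE_REGISTERED), null, 2));
```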