Openid authentication is not working in prod okta account, but works in dev account

I configured my app integration with the dev Okta account following these instructions: Flask Tutorial: Simple User Registration and Login | Okta Developer. However, when I try to do the same steps for the prod Okta account it doesn’t work:
401 Client Error: Unauthorized for url: https://{orgname}.oktapreview.com/oauth2/default/.well-known/openid-configuration.
Authentication policies for app in both accounts are identical.
I also noticed that in the dev account OIDC identity provider was automatically created, which was not the case in the prod account, so I created an identity provider in the prod account myself, but still no success.
I double-checked client_id, client_secret, domain, and API token.

I would appreciate any ideas of what I can be missing here.


Does your Prod Okta org have the ability to use the Default Authorization Server (typically, this requires the API Access Management license)?

If not, you will want to look to use the Org Authorization Server instead, which means your endpoints will need to be updated. For example, the auth_uri will need to change from https://OktaDomain/oauth2/default/v1/authorize to https://OktaDomain/oauth2/v1/authorize, and so on.

In Security → API I don’t have a Servers tab; I guess that means that we are not able to use the default server (is it possible that I am just missing some permissions in the admin account?). If I just remove `default` from all URLs, I get

404 Client Error: Not Found for url: https://{org}.oktapreview.com/oauth2/.well-known/openid-configuration

Yup, if you don’t see Security → API → Authorization Servers, you won’t be able to use a custom Authorization Server. The correct well-known endpoint for the Org AS is https://{org}.oktapreview.com/.well-known/openid-configuration
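To make the difference between the two endpoint layouts in this thread concrete, here is an added example (not code from the thread or from Okta's own libraries) that derives the issuer and discovery URL for the Org Authorization Server versus a custom Authorization Server, and then checks a fetched discovery document against the issuer you expect before trusting its endpoints. The hostname `example.oktapreview.com` and the sample discovery document are constructed.

```python
"""Okta OIDC discovery: Org Authorization Server vs custom Authorization Server.
Added example; hostnames and the sample document below are constructed."""
import json
from typing import Optional
from urllib.parse import urlparse

# Fields a client needs before it can start an OIDC flow.
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")


def okta_issuer(domain: str, auth_server: Optional[str] = None) -> str:
    """Org AS issuer is the bare org domain; a custom AS (e.g. 'default') lives
    under /oauth2/<id>, which only exists when the org has API Access Management
    (Security -> API -> Authorization Servers is visible in the admin console)."""
    base = f"https://{domain}"
    return f"{base}/oauth2/{auth_server}" if auth_server else base


def discovery_url(domain: str, auth_server: Optional[str] = None) -> str:
    """Both AS types publish discovery at <issuer>/.well-known/openid-configuration."""
    return okta_issuer(domain, auth_server) + "/.well-known/openid-configuration"


def check_discovery(doc_json: str, expected_issuer: str) -> dict:
    """Parse a discovery document and refuse it unless the issuer matches what we
    derived from configuration and every endpoint stays on that host; this is the
    check that catches a client wired to the wrong AS or a tampered document."""
    doc = json.loads(doc_json)
    missing = [k for k in REQUIRED if k not in doc]
    if missing:
        raise ValueError(f"discovery document missing fields: {missing}")
    if doc["issuer"] != expected_issuer:
        raise ValueError(f"issuer mismatch: {doc['issuer']!r} != {expected_issuer!r}")
    host = urlparse(expected_issuer).netloc
    for key in REQUIRED[1:]:
        if urlparse(doc[key]).netloc != host:
            raise ValueError(f"{key} points off-host: {doc[key]}")
    return {k: doc[k] for k in REQUIRED}


# Constructed sample shaped like an Org AS discovery response (not a real org).
SAMPLE_ORG_AS = json.dumps({
    "issuer": "https://example.oktapreview.com",
    "authorization_endpoint": "https://example.oktapreview.com/oauth2/v1/authorize",
    "token_endpoint": "https://example.oktapreview.com/oauth2/v1/token",
    "jwks_uri": "https://example.oktapreview.com/oauth2/v1/keys",
})

if __name__ == "__main__":
    print(discovery_url("example.oktapreview.com"))
    print(discovery_url("example.oktapreview.com", "default"))
    print(check_discovery(SAMPLE_ORG_AS, okta_issuer("example.oktapreview.com")))
```

If the org has no custom AS, pointing the same document at the `/oauth2/default` issuer fails the issuer check, which is the configuration-level version of the 401/404 seen above.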

