OpenID User not allowed access to App when switching from Client Secret to Public key / Private key

saschaschwarz · November 23, 2025, 2:47pm

I am developing an App and using Okta OpenID as authentication. Everything works fine as long as I use client secret as client authentication. The user can login, I get the groups.

But as soon as I switch the client authentication Public key / Private key, upload the public key. I get a user not authorized for this app message after the user logen in with his userid. The user is assigned to a group where the app is assigned too.

andrea · November 24, 2025, 4:04pm

Do you have anything in your logs explaining what is causing this particular behavior? For example, is the user actually receiving tokens or is there maybe an API error when your application requests those tokens?

saschaschwarz · November 24, 2025, 8:05pm

Hi, after tinkering around I generated a key in the UI instead of uploading it and after that it worked, I did not made any changes to my code, just rotated the keys.

Post		Replies	Views
How to rotate public/private key pair using client credentials grant flow? Questions	13	5357	January 22, 2021
How authorize request works for apps installed from a public app OAuth/OIDC	3	2396	August 8, 2022
Is it possible to change/update JWKs in an APP? how? Questions	1	3331	March 5, 2021
OIDC + API calls OAuth/OIDC	10	3692	June 24, 2022
Is it possible to get a client id/secret for every user instead of app OAuth/OIDC	1	3219	December 11, 2022

OpenID User not allowed access to App when switching from Client Secret to Public key / Private key

Related topics