Redirect fails after Okta Verify Success

BirdThunderford · January 23, 2021, 1:03am

I’m building a flask server that ties into our company’s Okta verification. Everything looks good and the redirect jumps to the okta sign-in page. When it asks me for an Okta verify push it pings my phone as expected and once I confirm on my phone the browser only says “Not Authorized”.

Our on-site Otka manager checked the logs and from the looks of it I was successfully verified.

This is the response I received in from the flask server logs:
“GET /oidc/callback?state=eyJjc3JmX3Rva2VuIjogIjc3Qy1yVXNLS3pMMWRHeDlaem83ZmdqSUM0ZWkzVTAxIiwgImRlc3RpbmF0aW9uIjogImV5SmhiR2NpT2lKSVV6VXhNaUo5LkltaDBkSEE2THk5aGJtbHRkR1ZqYUhkbFlpNXVhV05yTG1OdmJTOXNiMmRwYmlJLkYxLXk1em5iaURFU0c4Umt1YjBsbjRwNU4wVnRKWmpkVm14ZnFXRXl1R1BULTl6SWVDSVBKU2ZOVGdURXBnWmx2aGhvaDZFblY2Qlg3QlJ0aWlUX2NBIn0%3D&error=access_denied&error_description=Policy+evaluation+failed+for+this+request%2C+please+check+the+policy+configurations. HTTP/1.1”

Has anyone encountered this before?

Thanks!

phi1ipp · January 23, 2021, 4:25am

check if you OIDC application is allowed at the authorization server level

erin.p · January 25, 2021, 6:23pm

I would also suggest checking that the user who is trying to access the application is assigned to it as well as your scopes

BirdThunderford · January 25, 2021, 6:49pm

My apologies. I’m still a bit unfamiliar with the process. Can you explain what this means and where to adjust it on the okta site?

BirdThunderford · January 25, 2021, 7:28pm

Thanks for the suggestion. I’m not sure what scope this might fall under. Is there a way to find out? What’s the downside to having them all granted?

Thanks!