User is not assigned to the client application

OAuth/OIDC connection. Integrated to a Java application. Getting this during the “authorize” request and redirect to the login?error page. But the login page is not even shown. How is the user even identified to create this error?

If the user doesn’t log all the way out, that could be one explanation for this behavior.

This diagram goes over the entire auth code flow; it’s during steps 2 & 3 that the user is identified. It’s hard to say without more context, but you may be seeing this if there’s an existing Okta session (or authn session token) cached. Your session can be cached locally in the browser or if you’re sending a session token into the /authorize call.

Can you verify that your app is logging users entirely out of both their app session and Okta session?

Nicole,
Thanks for your response.

I’ve identified that the issue lies in the app not logging out the user from the previous attempt, preventing the flow from completing successfully. Consequently, the app is not reaching the logout phase.

Now, regarding my primary concern:

I’m running a Spring app behind a reverse proxy. The server hosting the Spring app is not directly accessible from the internet using its own name. Instead, we utilize an external domain name that gets reverse proxied to the origin server.

In the login flow, after the user enters their credentials on the login page and Okta redirects the request, it is sent with the server name that is not accessible from the internet:

External name → Reverse proxy → Internal name server

My question is: where does the Okta library pick up the internal name? I have an entry in the “application.properties” file, as follows, but I suspect it might not be utilized:

okta.oauth2.redirect-uri=/authorization-code/callback

Your assistance in resolving this matter is greatly appreciated.

Saju
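
Added example, not part of the original thread and not Okta or Spring code: a simplified model of how an absolute callback URL is built when the configured redirect URI is only a path, and why the internal name appears behind a reverse proxy. It assumes the application derives the base URL from the incoming request; the hostnames, proxy network and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample values; none of these names come from the thread.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]
CALLBACK_PATH = "/authorization-code/callback"  # the path set in application.properties


def peer_is_trusted(peer_ip, trusted=TRUSTED_PROXIES):
    """True only when the TCP peer is one of our own reverse proxies."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in trusted)


def base_url(scheme, headers, peer_ip, honor_forwarded):
    """Return scheme://host as the application sees the request."""
    h = {k.lower(): v for k, v in headers.items()}
    host = h["host"]
    # X-Forwarded-* is honored only from a trusted peer; otherwise any client
    # could choose the host that ends up in the redirect URI.
    # Assumes the proxy overwrites these headers instead of appending to them.
    if honor_forwarded and peer_is_trusted(peer_ip):
        scheme = h.get("x-forwarded-proto", scheme).split(",")[0].strip()
        host = h.get("x-forwarded-host", host).split(",")[0].strip()
    return f"{scheme}://{host}"


def redirect_uri(scheme, headers, peer_ip, honor_forwarded):
    """Absolute callback URL sent to the authorization server."""
    return base_url(scheme, headers, peer_ip, honor_forwarded) + CALLBACK_PATH


# Request as it reaches the origin server after the reverse proxy (constructed).
PROXIED = {
    "Host": "app01.corp.internal:8080",
    "X-Forwarded-Host": "portal.example.com",
    "X-Forwarded-Proto": "https",
}

if __name__ == "__main__":
    # Forwarded headers ignored: the internal name leaks into the callback URL.
    print(redirect_uri("http", PROXIED, "10.0.0.5", honor_forwarded=False))
    # Forwarded headers honored from the trusted proxy: external name is used.
    print(redirect_uri("http", PROXIED, "10.0.0.5", honor_forwarded=True))
    # Same headers from an untrusted peer are not honored.
    print(redirect_uri("http", PROXIED, "203.0.113.9", honor_forwarded=True))
```

In Spring Boot the corresponding switch is the `server.forward-headers-strategy` property, and the reverse proxy has to send the `X-Forwarded-Host` and `X-Forwarded-Proto` headers for it to have any effect.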

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.