What's causing the error 'AuthSdkError: The redirectUri passed to /authorize must also be passed to /token'?

I’m using the okta-react library for login (connecting to a dev Okta environment) and have set the config to use pkce, but in firefox it intermittently displays this error. If I refresh the page, I’m logged in as expected and it displays the content. If I don’t use pkce, it doesn’t cause this issue.

I can’t find anywhere that references this. What have I done wrong?

Hi @jmgoodin

Can you please open a support ticket with us at developers@okta.com in order to have this issue investigated by one of our Developer Support Engineers?

Hi @jmgoodin ,
We are having the same issue with one of our applications. Do you have any luck with this further? Thank you in advance.

Hi @Narendra,
I’m still working with the support engineers, it’s happening very intermittently so it’s hard to get something where it happens consistently. Will post here if we find out what’s going on!
You could also raise a ticket with them, as you might be able to provide some more insight.
It’s good to know it’s not just me though!

I got same problem when access_token expired and i go back on my website, Any solution Okta ?

Having this issue as well. Looks like the error is thrown from pkce.js in okta-auth-js. What seems to be the cause in my case is that okta-auth-js is using localStorage to store temporary codeVerifier and redirectUri params, but that data gets cleared after exchanging code for tokens. I noticed the issue when I had two tabs of my app running simultaneously and both were performing token renewals at roughly the same time.

1 Like

Did anyone fix this issue yet?

I am seeing this error with the @okta/okta-angular package as well. This happens intermittently on refresh/token renewals.

Anyone found a workaround?

We are seeing this error quite frequently in @Okta/React and havent found any way to work around it. Any tipps or hints or info when this might be fixed would be greatly appreciated.

We are using 1.3.9, which is not the latest version of okta-react, I found out a way for work around this
instead of using provided ImplicitCallback Component, you can provide your own and add this to render() function:
if (!this.state.authenticated &&
this.state.errorCode === “INTERNAL” &&
this.state.error === “AuthSdkError: The redirectUri passed to /authorize must also be passed to /token”) {
return <Redirect to={"/path"} />;

the key thing here is letting this customized implicitcallback allow browser redirect to desired path, here “/path” is just an example, it should be your own one, usually the one you want to land user to after okta login procedure

Hope this helps

If any of you are still watching this (or any new people coming across it). Okta has made a change to the okta-auth-js 3.1.3 code and released it in okta-react 3.0.2. Since it’s so intermittent (at least for me), I’m going to let some of our testers throw some auto tests at it and see if they can still reproduce the error, but if you want to give it a go and see if it fixes it for you, the more the merrier!