You are not allowed to access this app. okta-angular-oie-sample-quickstart

martin.b · May 30, 2023, 1:52pm

I am trying to use the self hosted js widget, however when I use the okta-angular-oie-sample-quickstart I get the error:
“You are not allowed to access this app. To request access, contact an admin.”
this comes back from a POST to /idp/idx/identify made by the Okta js library which returns 401.
However when I use the same clientId and user with the redirect method the authentication succeeds.

I have double checked the set up instructions and cannot see any differences in my dev Okta instance.

Also in the system logs I see the following three events:
[Evaluation of sign-on policy][ALLOW]
[User login to Okta][SUCCESS]
[User single sign on to app][SUCCESS]

which might imply that the login was successful, however I get the above error and get bounced back to the widget login prompt.

Does anyone have any suggestions about what I can investigate or even better, what am I doing wrong.

martin.b · May 30, 2023, 2:38pm

SOLVED:
If anyone else comes across this error for these Interaction Code flows, there are three places to enable it.

On the org itself (otherwise you can’t set the next two)
On the authentication server (this was missing for me)
On the application

It is a shame the system logs did not indicate the failure in some way.

system · May 31, 2023, 2:38pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.