I am trying to use the self hosted js widget, however when I use the okta-angular-oie-sample-quickstart I get the error:
“You are not allowed to access this app. To request access, contact an admin.”
this comes back from a POST to /idp/idx/identify made by the Okta js library which returns 401.
However when I use the same clientId and user with the redirect method the authentication succeeds.
I have double checked the set up instructions and cannot see any differences in my dev Okta instance.
Also in the system logs I see the following three events:
[Evaluation of sign-on policy][ALLOW]
[User login to Okta][SUCCESS]
[User single sign on to app][SUCCESS]
which might imply that the login was successful, however I get the above error and get bounced back to the widget login prompt.
Does anyone have any suggestions about what I can investigate or even better, what am I doing wrong.