Problem statement
I’m trying to log in with Okta OIDC from Universal Login (Auth0 as SP) with the Okta connection button, but it comes back with an error.
Error in the test page:
"the resource owner or authorization server denied the request"
Callback with error: “Status 400”
Steps to reproduce
Follow the 6 steps here, and then either of the below steps:
- Try the connection button within the dashboard
- Log in and click on the connection button
Cause
As explained in this article, using a URL of the form `https://org.okta.com/oauth2/default/v1/authorize` requires API Access Management, an additional paid Okta feature, because `default` is a custom authorization server and every custom authorization server (`/oauth2/<id>/v1/...`) depends on that feature.
Solution
As per this article, instead use the URL `https://org.okta.com/oauth2/v1/authorize`, which reaches the Okta org authorization server and does not require API Access Management.
The change must be made in both places within the connection where the `/oauth2/default/` path appears:
- Authorization URL
- The userinfo request in the Fetch User Profile Script (`https://org.okta.com/oauth2/v1/userinfo` rather than `https://org.okta.com/oauth2/default/v1/userinfo`)
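The following is an added example and not code from Auth0's or Okta's documentation. It shows a check that flags connection URLs pointing at a custom authorization server (the `/oauth2/default/...` form above) and rewrites them to the org authorization server, plus a Fetch User Profile Script in the `(accessToken, ctx, cb)` shape Auth0 custom OAuth2 connections use, calling the corrected userinfo endpoint. Assumptions: the placeholder org domain `https://org.okta.com` from the article, and a constructed `httpGet` stub standing in for the `request.get` call available in the Auth0 script sandbox so the script can be exercised offline; the userinfo response it returns is made up for the example.

```javascript
// Added example, not code from Auth0 or Okta. Assumes the article's
// placeholder org domain and a constructed stand-in for request.get.
const OKTA_ORG = 'https://org.okta.com';

// True when the URL targets a custom authorization server
// (/oauth2/<id>/v1/..., which includes /oauth2/default/...). Those need the
// paid API Access Management feature; the org authorization server sits
// directly under /oauth2/v1/.
function requiresApiAccessManagement(url) {
  const path = new URL(url).pathname;
  return /^\/oauth2\/(?!v1\/)[^/]+\/v1\//.test(path);
}

// Rewrites a default-authorization-server URL to its org-authorization-server
// equivalent (query string preserved); any other URL is returned unchanged.
function toOrgAuthServerUrl(url) {
  const u = new URL(url);
  const m = u.pathname.match(/^\/oauth2\/default(\/v1\/.*)$/);
  if (m) u.pathname = '/oauth2' + m[1];
  return u.toString();
}

// Builds a Fetch User Profile Script that calls the org authorization
// server's userinfo endpoint and maps the claims to an Auth0 profile.
// httpGet(opts, cb) has the same contract as request.get in the sandbox.
function makeFetchUserProfile(orgBaseUrl, httpGet) {
  const userinfoUrl = orgBaseUrl + '/oauth2/v1/userinfo';
  return function fetchUserProfile(accessToken, ctx, cb) {
    httpGet({
      url: userinfoUrl,
      headers: { Authorization: 'Bearer ' + accessToken }
    }, function (err, res, body) {
      if (err) return cb(err);
      if (res.statusCode !== 200) {
        return cb(new Error('userinfo returned status ' + res.statusCode));
      }
      let claims;
      try { claims = JSON.parse(body); } catch (e) { return cb(e); }
      if (!claims.sub) return cb(new Error('userinfo response has no sub claim'));
      cb(null, {
        user_id: claims.sub,
        email: claims.email,
        email_verified: claims.email_verified === true,
        name: claims.name
      });
    });
  };
}

// Constructed stand-in for request.get: answers 200 with a fixed userinfo
// document only for the org authorization server endpoint and the expected
// bearer token, and 401 for anything else.
function constructedHttpGet(opts, cb) {
  const ok = opts.url === OKTA_ORG + '/oauth2/v1/userinfo'
    && opts.headers.Authorization === 'Bearer good-token';
  if (!ok) return cb(null, { statusCode: 401 }, '{"error":"invalid_token"}');
  cb(null, { statusCode: 200 }, JSON.stringify({
    sub: '00u1abcd', email: 'jane@example.com', email_verified: true, name: 'Jane Doe'
  }));
}

// Runs the script against the stub; the stub calls back synchronously, so
// the callback's result is available on return.
function runFetchUserProfile(accessToken) {
  let result = { err: null, profile: null };
  const script = makeFetchUserProfile(OKTA_ORG, constructedHttpGet);
  script(accessToken, {}, function (err, profile) {
    result = { err: err, profile: profile };
  });
  return result;
}

console.log(toOrgAuthServerUrl(OKTA_ORG + '/oauth2/default/v1/authorize'));
console.log(runFetchUserProfile('good-token'));
```

In a real connection the script body is the function returned by `makeFetchUserProfile`, with `request.get` in place of the stub; `requiresApiAccessManagement` is the check to run over the Authorization URL, Token URL and the URL inside the script before saving the connection.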