Fix OAuth Errors on Okta
Last updated: April 2026
Common Okta OAuth errors and the admin console settings to address them.
redirect_uri_mismatch
Okta Admin → Applications → Your App → General → Sign-in redirect URIs. Add the exact URI.
https://yourapp.com/callback
http://localhost:3000/callback
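An added example (not from the original page or from Okta): a helper that reports which component of a requested redirect_uri differs from the registered sign-in redirect URIs, assuming exact string matching as the "exact URI" instruction above implies. `diagnoseRedirectUri` and `REGISTERED` are hypothetical names, and the list is constructed sample data mirroring the URIs above.

```javascript
// Added example: explain why a redirect_uri fails an exact-match comparison.
// REGISTERED is constructed sample data mirroring the URIs listed above.
const REGISTERED = [
  'https://yourapp.com/callback',
  'http://localhost:3000/callback',
];

// Hypothetical helper: returns { match, reasons } for one requested URI.
// Assumption: the registered list is compared as exact strings.
function diagnoseRedirectUri(requested, registered = REGISTERED) {
  if (registered.includes(requested)) return { match: true, reasons: [] };

  let req;
  try {
    req = new URL(requested);
  } catch {
    return { match: false, reasons: ['not an absolute URI'] };
  }

  // Compare against registered entries on the same host, if any,
  // and name each component that differs.
  const reasons = [];
  const sameHost = registered
    .map((r) => new URL(r))
    .filter((r) => r.hostname === req.hostname);
  if (sameHost.length === 0) {
    reasons.push(`host ${req.hostname} is not registered`);
  }
  for (const reg of sameHost) {
    const diffs = [];
    if (reg.protocol !== req.protocol) diffs.push(`scheme ${req.protocol} vs ${reg.protocol}`);
    if (reg.port !== req.port) diffs.push(`port "${req.port}" vs "${reg.port}"`);
    if (reg.pathname !== req.pathname) diffs.push(`path ${req.pathname} vs ${reg.pathname}`);
    if (req.search) diffs.push(`unexpected query ${req.search}`);
    if (req.hash) diffs.push(`unexpected fragment ${req.hash}`);
    // Parsed components equal but strings differ: case or encoding mismatch.
    reasons.push(`${reg.href}: ${diffs.join('; ') || 'differs only in raw spelling (case or encoding)'}`);
  }
  return { match: false, reasons };
}
```

Run it against the `redirect_uri` value taken from the failing authorize request; a trailing slash, a different port, or `http` instead of `https` each shows up as a named difference.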
Enable PKCE
// Okta Admin -> Applications -> Your App -> General Settings
// Proof Key for Code Exchange (PKCE): require PKCE
// OktaAuth SDK config:
import { OktaAuth } from '@okta/okta-auth-js';

const oktaAuth = new OktaAuth({
  issuer: 'https://YOUR_DOMAIN/oauth2/default',
  clientId: 'YOUR_CLIENT_ID',
  // Must match a registered sign-in redirect URI exactly
  redirectUri: window.location.origin + '/callback',
  pkce: true,
});
invalid_grant
Okta authorization codes expire after 5 minutes. Check: Admin → Security → API → Authorization Servers → Your server → Access Policies for token lifetimes.
CORS error calling Okta endpoints
Okta Admin → Security → API → Trusted Origins → Add your frontend origin with CORS enabled.
https://yourapp.com # add with CORS type
http://localhost:3000 # add for development