Krzysztof Karski

OAuth 2.0 - system claims could not be evaluated

I am trying to implement OAuth 2.0/OIDC using Okta as the Identity Provider. I have successfully created the authorization server but I have run into a problem when trying to reach the token retrieval endpoint.
 
{
    "error": "server_error",
    "error_description": "One of the system claims could not be evaluated."
}

Steps to reproduce:
1. User visits the Get Authorization Code endpoint (/v1/authorize) as described in the Postman docs (I get the code and state back as expected)
2. Pass the code to my REST API, which then tries to obtain user tokens from Okta by visiting the Get Access Token With Code endpoint (/v1/token) as described in Postman docs (I get the error posted above as a response)

Question:
How can I find out what exactly went wrong?

All the claims in the authorization server are defaults and I didn't tinker with them. I have no idea which one is failing or why. I can retrieve the authorization server metadata from the API but trying to get user tokens keeps failing.

If you need any additional information please do let me know.
Taylor Wells (Okta, Inc.)
This type of issue is best handled by our developer team. You can reach them at developers@okta.com. Please provide them as much information as possible. More information about this topic can be found in our documentation at:
https://developer.okta.com/use_cases/authentication/