Default Custom Auth Server No Longer Includes a Default API Access Policy - Error "FAILURE: no_matching_policy"
Okta Identity Engine
API Access Management
Overview

Newly provisioned orgs might see access issues when running sample apps that use an Okta SDK or when following the Quickstart guides. The SDKs and Quickstart guides typically reference the default custom authorization server to mint access tokens. Orgs provisioned with the ability to use custom authorization servers before the 2024.08.0 release can continue using the default custom auth server without needing to make any changes.

For all other orgs, users may see the following error message when signing in:

You are not allowed to access this app. To request access, contact an admin.

The following error appears in the System Log:

OAuth2 authorization request FAILURE: no_matching_policy

Applies To
  • API Access Management
  • Default Custom Authorization Server Access Policy
  • OAuth 2.0
Cause

As of the 2024.08.0 release, all new orgs, including those created from the developer.okta.com sign-up page, are no longer provisioned with a preset Access Policy on the "default" Custom Authorization Server.

Solution

Add an API Access Policy to the default Custom Auth Server (see Create access policies), or change the issuer reference in the sample SDKs and Quickstart guides to the Org Authorization server, if applicable.

  • For example, change issuer: 'https://<OktaDomain>/oauth2/default' to issuer: 'https://<OktaDomain>/'.

Check the default authorization server policy to verify that it applies correctly to the desired use case.
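
One way to run that check offline against exported policy JSON, as an added example (not Okta's code). The matching logic is a simplified model of policy evaluation, and the policy names, client ID, and nesting of rules under each policy are constructed assumptions.

```python
# Added example. Policy JSON follows the shape returned by
#   GET /api/v1/authorizationServers/default/policies
#   GET /api/v1/authorizationServers/default/policies/{policyId}/rules
# Rules are nested under "rules" here for convenience (assumption).

def find_match(policies, client_id, grant_type, scopes):
    """Return (policy name, rule name) for the first match, else None.

    None models the case logged as 'no_matching_policy'. Simplified model:
    user/group conditions are ignored, and evaluation falls through to the
    next policy when no rule in a policy matches (assumption).
    """
    for policy in sorted(policies, key=lambda p: p.get("priority", 0)):
        if policy.get("status") != "ACTIVE":
            continue
        clients = policy.get("conditions", {}).get("clients", {}).get("include", [])
        if "ALL_CLIENTS" not in clients and client_id not in clients:
            continue
        rules = sorted(policy.get("rules", []), key=lambda r: r.get("priority", 0))
        for rule in rules:
            cond = rule.get("conditions", {})
            grants = cond.get("grantTypes", {}).get("include", [])
            allowed = cond.get("scopes", {}).get("include", [])
            if rule.get("status") != "ACTIVE" or grant_type not in grants:
                continue
            if "*" in allowed or set(scopes) <= set(allowed):
                return policy["name"], rule["name"]
    return None

# Constructed sample data (names and IDs are placeholders).
NEW_ORG_POLICIES = []  # org provisioned after 2024.08.0: no policy on "default"
FIXED_POLICIES = [{
    "name": "Web apps", "status": "ACTIVE", "priority": 1,
    "conditions": {"clients": {"include": ["ALL_CLIENTS"]}},
    "rules": [{
        "name": "Auth code only", "status": "ACTIVE", "priority": 1,
        "conditions": {"grantTypes": {"include": ["authorization_code"]},
                       "scopes": {"include": ["*"]}},
    }],
}]

if __name__ == "__main__":
    for label, pols, grant in [("new org", NEW_ORG_POLICIES, "authorization_code"),
                               ("fixed", FIXED_POLICIES, "authorization_code"),
                               ("fixed", FIXED_POLICIES, "client_credentials")]:
        print(label, grant, find_match(pols, "0oaEXAMPLE", grant, ["openid"]))
```

The third case shows a policy that exists but does not cover the grant type in use, which still ends in no match.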

 
