This article will address getting a 401 Error Failed to authenticate request. Please check your headers when attempting to Invoke a flow with an API endpoint using OAuth 2.0, either through a third party or via testing via Postman or Workflows, as shown in Invoke and Test an OAuth 2.0 Secured API Endpoint.
- Workflows
- Custom Domain used for authentication
- Invoke a flow with an API endpoint using OAuth 2.0
- Okta Classic Engine
- Okta Identity Engine (OIE)
This can occur when a single Custom Domain is used for authentication with the Okta Org that is tied to Workflows, and the audience value set when setting up the JWT, as well as the token endpoint used to request a token, are configured to use the default domain. If the Okta Org uses a single Custom Domain, Workflows expects auth to occur via that domain.
NOTE: If there is no Custom Domain or more than one Custom Domain (Workflows would not know which to associate with), the default Okta domain would be used. See Workflows Console Required to Authenticate Custom Domain for more information on the Custom Domain behavior.
Use the following steps to update the audience value and the token endpoint to use the Custom Domain instead of the default Okta domain.
-
Verify:
- audience value configured for the JWT.
- The token endpoint/url used to request a token.
-
Update both values to use the custom domain instead of the default Okta domain (for example, use
<login.example.com>instead of<orgname.okta.com>).
