Okta Error "400 Bad Request" - "The redirect_uri Parameter Must Be a Login Redirect URI in the Client App Settings"
API Access Management
Okta Classic Engine
Okta Identity Engine
Overview

This article clarifies why the error below occurs during the /authorize request of an Implicit Flow or Authorization Code Flow using OpenID Connect (OIDC) or OAuth, and provides instructions for configuring the application to support the requested redirect_uri:

 

400 Bad Request

The 'redirect_uri' parameter must be a Login redirect URI in the client app settings.

 

(Screenshot: Error Message)

Applies To
  • Authorize (GET /authorize) request of Implicit Flow and Authorization Code Flow
  • Implicit Flow
  • Authorization Code Flow
  • OpenID Connect (OIDC)
  • Okta Classic Engine 
  • Okta Identity Engine (OIE)
Cause

This error occurs because the value of redirect_uri used in the authorize request is not registered in the OIDC client in Okta as an allowed Sign-in redirect URI.

Solution
  1. Ensure that the redirect_uri used in the authorize request matches the configuration in the Okta Admin Console.
  2. Verify the redirect URI. In the following example of an authorize request, identify the redirect_uri parameter:

https://example.okta.com/oauth2/v1/authorize?client_id=0oaxxxxxxxx357&scope=openid+profile&response_type=id_token&nonce=1234&redirect_uri=http://localhost:8080/authorization-code/callback&state=someState

  3. Ensure that the redirect_uri (http://localhost:8080/authorization-code/callback) is registered as an allowed Sign-in redirect URI in the OIDC application settings.
  4. Update the application settings:
    1. Go to Applications > Applications in the Okta Admin Console.
    2. Select the specific OIDC application.
    3. In the General tab, click Edit.
    4. Add the exact redirect URI from the authorize request to the Sign-in redirect URIs section.

(Screenshot: General settings)

NOTE: The Sign-in redirect URIs must be an exact, case-sensitive match, including trailing slashes, with the URI included in the authorize request.

    5. Click Save.

 

Troubleshooting With System Logs

  1. Search the Okta System Log for these events using one of the following filters:
    • outcome.reason eq "illegal_redirect_uri" 
    • outcome.reason eq "illegal_redirect_uri_enhanced" 
  2. Click Expand All.
  3. Review the DebugContext section to find the exact redirect_uri used in the failed authorize request.
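The exact-match rule stated in the NOTE under Solution, and the DebugContext review in the troubleshooting steps above, as an added Python example that is not Okta's code or part of the original article. It models the authorization server's check as a plain, case-sensitive string comparison against the registered Sign-in redirect URIs, names the usual reasons a near-miss fails (trailing slash, letter case, scheme, port), and pulls the redirect_uri out of a constructed System Log event. The registered URIs, the sample event, and the assumption that the failed request URL sits in `debugContext.debugData.url` are all mine, not values from the article.

```python
"""Redirect URI exact-match check and System Log triage (added example, not Okta code)."""
from typing import Dict, List, Optional
from urllib.parse import parse_qs, urlparse

# Sign-in redirect URIs as they would appear in the OIDC app's General settings
# (constructed sample values for this example).
REGISTERED_REDIRECT_URIS: List[str] = [
    "http://localhost:8080/authorization-code/callback",
    "https://app.example.com/login/callback",
]

# The authorize request from the article's Solution section.
EXAMPLE_AUTHORIZE_URL = (
    "https://example.okta.com/oauth2/v1/authorize?client_id=0oaxxxxxxxx357"
    "&scope=openid+profile&response_type=id_token&nonce=1234"
    "&redirect_uri=http://localhost:8080/authorization-code/callback&state=someState"
)

# Constructed event shaped like an Okta System Log entry for this failure.
# Assumption: the failed request URL is carried in debugContext.debugData.url.
SAMPLE_LOG_EVENT: Dict = {
    "outcome": {"result": "FAILURE", "reason": "illegal_redirect_uri"},
    "debugContext": {
        "debugData": {
            "url": "/oauth2/v1/authorize?client_id=0oaxxxxxxxx357&response_type=code"
                   "&redirect_uri=http://localhost:8080/authorization-code/callback/"
                   "&state=someState",
        }
    },
}


def extract_redirect_uri(authorize_url: str) -> Optional[str]:
    """Return the redirect_uri query parameter of an /authorize request, or None."""
    params = parse_qs(urlparse(authorize_url).query)
    values = params.get("redirect_uri")
    return values[0] if values else None


def is_registered(redirect_uri: str, registered: List[str]) -> bool:
    """Exact, case-sensitive comparison with no normalisation: scheme, host, port,
    path and any trailing slash must all match the registered string."""
    return redirect_uri in registered


def explain_mismatch(redirect_uri: str, registered: List[str]) -> str:
    """Name the most likely reason the exact match failed, to guide the admin."""
    if is_registered(redirect_uri, registered):
        return "registered"
    req = urlparse(redirect_uri)
    for candidate in registered:
        reg = urlparse(candidate)
        if redirect_uri.rstrip("/") == candidate.rstrip("/"):
            return "trailing slash differs"
        if redirect_uri.lower() == candidate.lower():
            return "case differs"
        if (req.netloc, req.path) == (reg.netloc, reg.path):
            return "scheme differs"
        if (req.scheme, req.hostname, req.path) == (reg.scheme, reg.hostname, reg.path):
            return "port differs"
    return "not registered"


def triage_log_event(event: Dict, registered: List[str]) -> Dict[str, Optional[str]]:
    """Pull the redirect_uri from an event's DebugContext and classify it against
    the registered list. Field names are an assumption of this example."""
    url = event.get("debugContext", {}).get("debugData", {}).get("url", "")
    uri = extract_redirect_uri(url)
    verdict = explain_mismatch(uri, registered) if uri else "no redirect_uri in event"
    return {"redirect_uri": uri, "verdict": verdict}


if __name__ == "__main__":
    uri = extract_redirect_uri(EXAMPLE_AUTHORIZE_URL)
    print(uri, "->", explain_mismatch(uri, REGISTERED_REDIRECT_URIS))
    print(triage_log_event(SAMPLE_LOG_EVENT, REGISTERED_REDIRECT_URIS))
```

The classifier only explains a failure; it never relaxes the check. Registering the exact string the client sends, as the Solution section describes, remains the fix, because loosening the comparison (ignoring case, scheme or path suffixes) is what lets an authorization response be delivered to an endpoint the application owner never approved.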

(Screenshot: Expanded event)

 
