OIDC discovery error

I am trying to set up OIDC with Okta.

When committing the configuration, I hit the following error. What could possibly cause this?

I did a curl to the discovery URL and was able to receive a response from it.

"code id_token",
"code token",
"id_token token",
"code id_token token"


It looks like Vault does not have a connection to https://somecompany.okta.com/.well-known/openid-configuration; I assume this link is set as the oidc_discovery_url parameter in the OIDC configuration.
Can you verify the connection from the instance where Vault is running to your oidc_discovery_url, with curl for example? If the connection can be established to the provider, you should get JSON in return.


Hello Martin,

Thanks for the reply. The attached JSON output was the curl response from Okta, executed from Vault itself.

I suspect that something was not configured on the Okta side. When I paste the URL into the browser, I get the following error code:

{"errorCode":"E0000022","errorSummary":"The endpoint does not support the provided HTTP method","errorLink":"E0000022","errorId":"oaeu-ftiv-DRuK45ElXHGzO7Q","errorCauses":}

I tried some common OIDC Discovery URLs and it does have a sign-in screen.

Issue resolved. The firewall was blocking some of the return traffic from the Okta service.

Okta has some test scripts for the authentication flow to troubleshoot integration issues.
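Two checks come up in this thread: Martin's suggestion to curl the discovery URL from the Vault host and confirm you get JSON back, and the eventual finding that a firewall was dropping return traffic from Okta. The script below is an added example, not code from the thread, from Vault or from Okta. It validates a discovery document offline against what Vault's OIDC auth method actually needs (the `issuer` must match the configured `oidc_discovery_url`, which Vault expects as the issuer base without the `.well-known` path; the `code` response type and RS256 must be offered; all endpoints must be https), lists the outbound host:port pairs the Vault server must be allowed to reach, and includes a live fetch helper meant to be run on the Vault host itself. The sample discovery document is constructed to mirror the layout Okta's org authorization server serves, using the hostname from the thread; it is not a real capture.

```python
"""Offline sanity checks for an OIDC discovery document before committing a
Vault OIDC auth config. Added example; not Vault's or Okta's own code."""
import json
from urllib.error import URLError
from urllib.parse import urlsplit
from urllib.request import Request, urlopen

WELL_KNOWN = "/.well-known/openid-configuration"

# Endpoints Vault's OIDC auth method contacts from the Vault server itself
# (plus the discovery URL). A firewall must allow outbound HTTPS to these and
# let the return traffic back in, which is what went wrong in the thread.
VAULT_USED_ENDPOINTS = ("authorization_endpoint", "token_endpoint",
                        "jwks_uri", "userinfo_endpoint")
REQUIRED_KEYS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
                 "response_types_supported", "id_token_signing_alg_values_supported")

# Constructed sample document (assumption: Okta org authorization server layout).
SAMPLE_DISCOVERY_DOC = json.dumps({
    "issuer": "https://somecompany.okta.com",
    "authorization_endpoint": "https://somecompany.okta.com/oauth2/v1/authorize",
    "token_endpoint": "https://somecompany.okta.com/oauth2/v1/token",
    "userinfo_endpoint": "https://somecompany.okta.com/oauth2/v1/userinfo",
    "jwks_uri": "https://somecompany.okta.com/oauth2/v1/keys",
    "response_types_supported": ["code", "id_token", "code id_token", "code token",
                                 "id_token token", "code id_token token"],
    "id_token_signing_alg_values_supported": ["RS256"],
})


def issuer_base(url):
    """Normalise what the user configured: strip a trailing well-known path and slash."""
    if url.endswith(WELL_KNOWN):
        url = url[:-len(WELL_KNOWN)]
    return url.rstrip("/")


def validate_discovery(discovery_url, doc_text):
    """Return a list of problems; an empty list means the document is usable by Vault."""
    try:
        doc = json.loads(doc_text)
    except ValueError:
        # A sign-in HTML page or a firewall block page is not JSON.
        return ["response is not JSON (got a login or error page instead of discovery metadata?)"]
    problems = [f"missing required field {key!r}" for key in REQUIRED_KEYS if key not in doc]
    if problems:
        return problems
    # go-oidc, which Vault uses, rejects the provider when issuer != configured URL.
    expected = issuer_base(discovery_url)
    if doc["issuer"].rstrip("/") != expected:
        problems.append(f"issuer {doc['issuer']!r} does not match oidc_discovery_url {expected!r}")
    if "code" not in doc["response_types_supported"]:
        problems.append("provider does not offer the 'code' response type Vault's redirect flow uses")
    if "RS256" not in doc["id_token_signing_alg_values_supported"]:
        problems.append("RS256 not offered; Vault's jwt_supported_algs defaults to RS256")
    for key in VAULT_USED_ENDPOINTS:
        if key in doc and not doc[key].startswith("https://"):
            problems.append(f"{key} is not https: {doc[key]!r}")
    return problems


def egress_targets(discovery_url, doc_text):
    """Sorted (host, port) pairs the Vault server needs outbound access to."""
    doc = json.loads(doc_text)
    urls = [issuer_base(discovery_url) + WELL_KNOWN]
    urls += [doc[key] for key in VAULT_USED_ENDPOINTS if key in doc]
    targets = set()
    for url in urls:
        parts = urlsplit(url)
        port = parts.port or (443 if parts.scheme == "https" else 80)
        targets.add((parts.hostname, port))
    return sorted(targets)


def fetch_discovery(discovery_url, timeout=5):
    """Live check to run on the Vault host; returns (body, None) or (None, error)."""
    url = issuer_base(discovery_url) + WELL_KNOWN
    try:
        req = Request(url, headers={"Accept": "application/json"})
        with urlopen(req, timeout=timeout) as resp:
            return resp.read().decode("utf-8"), None
    except URLError as exc:
        return None, f"cannot reach {url} from this host: {exc.reason}"
    except OSError as exc:  # read timeouts, typical when return traffic is dropped
        return None, f"connection error talking to {url}: {exc}"


if __name__ == "__main__":
    configured = "https://somecompany.okta.com"
    print("problems:", validate_discovery(configured, SAMPLE_DISCOVERY_DOC))
    print("allow outbound to:", egress_targets(configured, SAMPLE_DISCOVERY_DOC))
```

To use it on a real deployment, run `fetch_discovery` on the Vault server with your configured value and feed the body to `validate_discovery`; a timeout or an HTML login page where JSON was expected points at network policy rather than at the Okta application settings. Note that only the discovery URL and `jwks_uri` are meaningful to test with a plain browser GET; the token endpoint accepts POST only, so Okta rejecting a GET there is expected and not a configuration fault.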