Hi Fransiska,
Okta has nice debugging tool, you can find it once you log-in to your developer console, you can find under Reports > System Log. That should give you a hint as to whether the request from Genesys Cloud reached Okta APIs, and why it failed. You may want to double-check that redirectURI defined in JS is matching the one you defined in you Okta Application > General > Login > Sign-in Redirect URIs, otherwise validation will fail.
If that doesn't help, you can raise a ticket with Genesys Care and DM me that ticket number.
I looked at Okta System Log, i can see log request came from webmessaging (see all below screenshot), does it means request from Genesys Cloud was succesful to reached Okta API ?
And i have another question is redirectURI in Genesys authPlugin need to be same as in Okta RedirectURi ?
If not what redirectURI we need to set in Genesys authPlugin script (below screenshot) ?
Yes the Okta trace is showing request coming from Genesys Cloud.
Yes the redirectURI passed in the getAuthCodemust match the one you configure in Okta's Sign-in redirect URI field, as I mentioned earlier, otherwise the validation will fail (even if Okta shows success).
Okta requires client to pass also nonce attribute, although it shouldn't be mandatory based OIDC standard. For that to work, you will need to determine value of nonce which is provided back from Okta after you sign-in. This value is returned by Okta in a local Cookie named okta-oauth-nonce (more details here if you're interested) once the user is redirected back to the website. So you should parse that Cookie and pass it in getAuthCode.
I can see from your comments we can improve Blueprint for further clarity on these points, thanks!
