The redirect URI sent in the authorize request from the client needs to match the redirect URI in the IdP. This is the URL where the IdP returns the authentication response (the access token and the ID token). It needs to be a secure domain that you own.
Note: These steps cover the Okta org to Okta org scenario. When configuring another generic OIDC IdP, go to the IdP and add the Okta redirect URI there.