The example uses st in the adress to access Freja instead of ct. Because of this the test id in freja does not work, neither does production id. Therefore a user can not reach the protected page. There is no clear way to change the callback url which makes it hard to use your own credentials in application.yml.