Error reason: Salesforce connected apps use OAuth policies to control which users can access the app. If a user's profile is not explicitly approved to access the app, Salesforce will block the authentication request, resulting in an “Access Denied” error.
Solution
1. Pre-authorize user profiles that will use the package by adding the necessary profiles to a connected application included in the package.
Navigate to Setup and search for Manage Connected Apps.
Find the connected application named JWT Metadata API Auth Provider in the list and click its name to view the details.
In the OAuth Policies section, confirm that Admin approved users are pre-authorized is selected under Permitted Users. If it isn't selected, click Edit Policies, set it to Admin approved users are pre-authorized, and then click the Save button.
Add profiles that will use the package by clicking the Manage Profiles button in the Profiles section. After selecting the appropriate profiles, click Save.
2.Go to Setup and search for Remote Site Settings.
3.In the list, confirm that the addresses named SALESFORCE LOGIN and SALESFORCE LOGIN STAGE are marked as Active. If they are inactive, click Edit next to the respective name, select the Active checkbox, and then click the Save button.