I’m very new to Okta and Postman and I’ve been reading docs for a day and a half.
I’ve been trying to follow these docs and read the topics that come up while creating this post. None of it seemed to help.
Sounds like you’re trying to make an /authorize call with a service app, but, if you want to get tokens for a service app, you should be hitting the /token endpoint only. The authorize endpoint call would only be made in an OpenID user authentication flow, which isn’t needed for service apps completing the Client Credentials flow, which is a machine-to-machine flow.
I’m a bit confused. I’ve read that article before and again today but didn’t understand what it was saying or where to go to do so.
It mentions basic auth and this curl code but I don’t know where I’m supposed to input it, let alone what information my app is supposed to use. " ‘authorization: Basic MG9hY…’ " doesn’t look complete and I don’t know where to find the code for my app.
This is the part of the doc I’m referring to:
"
Base64 encode the client ID and secret and then pass through Basic Authentication in the request to your Custom Authorization Server’s /token endpoint:
curl --request POST \
  --url https://${yourOktaDomain}/oauth2/default/v1/token \
  --header 'accept: application/json' \
  --header 'authorization: Basic MG9hY…' \
  --header 'cache-control: no-cache' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data 'grant_type=client_credentials&scope=customScope'
"
It mentions using basic auth, which hasn’t worked yet either.
Also, for the encoding section, where do I use this new encoded client ID/secret? Is it one of the fields in the curl request or somewhere in Postman?
The document also doesn’t mention how to do this in Postman, which is what I’ve been told I’m required to use to get the token.
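Added example (not part of the thread or of Okta's documentation): how the value after `Basic` in the quoted curl command is produced from a service app's client ID and secret, and where it goes in the /token request. The function names and all credential values are assumptions made up for illustration.

```shell
#!/usr/bin/env bash
# Added example. Function names are hypothetical; any credentials passed in
# during testing should be constructed placeholders, not real Okta values.

# basic_auth_value CLIENT_ID CLIENT_SECRET
# Prints base64("client_id:client_secret") as a single line. This is the
# string that follows "Basic " in the authorization header.
basic_auth_value() {
  # printf (not echo) so no trailing newline is encoded into the value;
  # tr removes the line wraps some base64 builds add to long output.
  printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'
}

# request_token OKTA_DOMAIN CLIENT_ID CLIENT_SECRET SCOPE
# Sends the Client Credentials request from the quoted doc to the default
# custom authorization server's /token endpoint. No /authorize call occurs.
request_token() {
  curl --silent --request POST \
    --url "https://$1/oauth2/default/v1/token" \
    --header 'accept: application/json' \
    --header "authorization: Basic $(basic_auth_value "$2" "$3")" \
    --header 'cache-control: no-cache' \
    --header 'content-type: application/x-www-form-urlencoded' \
    --data-urlencode 'grant_type=client_credentials' \
    --data-urlencode "scope=$4"
}

# Example call (placeholders; needs network access and a real service app):
#   request_token "your-okta-domain.example" "$CLIENT_ID" "$CLIENT_SECRET" customScope
#
# A client ID that begins with "0oa" always encodes to a value that begins
# with "MG9h", which matches the truncated "MG9hY…" shown in the doc.
```

Postman's Basic Auth authorization type performs the same encoding when the client ID is entered as the username and the client secret as the password. Keep the secret in an environment variable rather than in shell history or a shared collection, since the encoded header is trivially reversible.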