OK, there are many topics about this same issue, but I haven’t found a solution yet. Even though my access token is valid, I still get a 401 on the userinfo endpoint. What is the problem? I do not have anything in the system logs.
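// Bearer access token obtained from the login flow (placeholder value).
// Keep real tokens out of source control and never write them to logs.
$access_token = 'new_valid_token_I_have_after_login';

// Userinfo endpoint of the Okta *org* authorization server (/oauth2/v1/...).
// NOTE(review): an access token is accepted only by the authorization server
// that issued it. If this token came from a custom authorization server (its
// `iss` claim would then contain /oauth2/<authorizationServerId>), this
// endpoint answers 401 invalid_token even though the token has not expired.
// Compare the token's `iss` claim with this URL first -- TODO confirm.
$userinfo_endpoint = 'https://dev-85960002.okta.com/oauth2/v1/userinfo';

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $userinfo_endpoint);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
    "Authorization: Bearer " . $access_token,
    "Accept: application/json",
));
// Return the response as a string instead of printing it.
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
// Include the response headers in $output so WWW-Authenticate can be inspected.
curl_setopt($ch, CURLOPT_HEADER, 1);
// CURLOPT_NOBODY sends a HEAD request and discards the body: fine for looking
// at the status line and headers, but the userinfo claims are never returned.
// Drop this option once the 401 is resolved and the JSON body is wanted.
curl_setopt($ch, CURLOPT_NOBODY, 1);

$output = curl_exec($ch);
if ($output === false) {
    // Transport-level failure (DNS, TLS, timeout): there is no HTTP response to
    // parse. Report the cURL error only; the request headers carry the token.
    trigger_error('userinfo request failed: ' . curl_error($ch), E_USER_WARNING);
}
curl_close($ch);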
Response:
[status] => HTTP/1.1 401 Unauthorized
[Date] => Thu, 17 Jun 2021 16:45:57 GMT
[Connection] => keep-alive
[Server] => nginx
[Public-Key-Pins-Report-Only] => pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly"
[x-okta-request-id] => YMt8RRD8cfp1p1gOKscSkQAAA58
[x-xss-protection] => 0
[p3p] => CP="HONK"
[access-control-expose-headers] => WWW-Authenticate
[www-authenticate] => Bearer authorization_uri="http://dev-85960002.okta.com/oauth2/v1/authorize", realm="http://dev-85960002.okta.com", scope="openid", error="invalid_token", error_description="The access token is invalid.", resource="/oauth2/v1/userinfo"
[content-language] => en
[Strict-Transport-Security] => max-age=315360000; includeSubDomains
[set-cookie] => sid=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/