403 forbidden from token endpoint

whodeee · June 17, 2020, 1:54pm

Hello I am trying to access the token endpoint from my javascript Cordova application and I am getting the 403 Forbidden error. I have verified that the client_id and other parameters are accurate by running the same scenario through Postman, but when I run the same request from my application I get the 403 error.

I can get the authorization_code in the app as well as receive the access_token and id_token if I call the authorization endpoint with id_token and token, however when I try the PKCE route I am running into that 403 Forbidden error.

I have had the issue with PKCE from a “Native” app. I have also tried a “Web” app but have gotten the same results. All seems to work through Postman but then I get the 403 Forbidden error in the app.

mraible · June 17, 2020, 5:15pm

Are you using Ionic + Cordova or just JavaScript? The reason I ask is because I’ve successfully used Ionic AppAuth to integrate authentication with Okta.

whodeee · June 17, 2020, 6:30pm

I don’t intend to use Ionic, it is just a JavaScript app.

mraible · June 17, 2020, 6:54pm

I’ll admit. I haven’t tried to use our APIs with raw JavaScript. I tend to use a library, like AppAuth-JS.

whodeee · June 17, 2020, 7:01pm

Okay, I can look into that library. Just seems a bit strange that Postman will connect through fine while using the “code” from Postman does not.

dragos · June 18, 2020, 12:34am

Hi @whodeee

Can you please check https://github.com/dragosgaftoneanu/okta-js-scripts/blob/master/auth-code-flow-pkce-spa/index.html? This sample does authorization code flow with PKCE in native JavaScript and gets the JWTs from Okta.

whodeee · June 18, 2020, 1:15pm

Thanks @dragos, I’ll check it out and let you know.

whodeee · June 23, 2020, 2:49pm

@dragos and @mraible I was able to solve my issue! I had to add “file://” to my Trusted Origin as well as adding it as a Redirect_URI for my app, then all worked well. Any issues you see using that?

mraible · June 23, 2020, 6:29pm

Were you able to add file:// as a Trusted Origin on Okta? I didn’t think that was possible. I thought only http:// and https:// was supported.

whodeee · June 24, 2020, 2:09pm

Yes, I was able to add it - specifically file://localhost:{portnumber}

whodeee · June 26, 2020, 6:27pm

@dragos and @mraible do either of you seen any issues with that Trusted Origin?

dragos · June 29, 2020, 5:17am

Hi @whodeee

There was a previous issue with adding file:// as extension for the URL, but it has been resolved, so the application should work successfully.

whodeee · June 29, 2020, 1:12pm

Thanks @dragos I thought I saw some mention of that before, but I couldn’t find where.

system · January 25, 2024, 4:51pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.