An error occurred when obtaining the token in the authorization code mode

Team, I used the authorization code mode of Okta to obtain tokens and an error occurred. Could you give me some help? I used C#. Here are some screenshots of mine.

In your screenshots, I can see that you are including client credentials both in a Basic auth header AND as a client_id and client_secret in the body.

If you remove one of these (either the Authorization header OR both of the attributes in the request body), does the call work?

The structure of the call to /token is

Authorization: Basic {Base64(0oauq08tf2LifQvoi4x6:<client_secret>)}
Content-Type: application/x-www-form-urlencoded
Content: {grant_type:client_credentials, scope: "okta.users.read"}

The client id and secret go in the authorization header, and not the body (see more here).

In Postman, I find it easiest to use the Authorization tab with Basic Auth to supply the client id as the username and secret as password, and remove the code, client_secret and client_id values from the request body.

Authorization tab:

Body:

In C# you would need to do similar, but you need to set up the Authorization header to reflect:

Authorization : Basic clientid:clientsecret with the client id and secret base64 encoded.

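The request structure from the reply above as C#, in an added example that is not from the thread or from Okta's code: it puts the client credentials only in the Basic header and rejects a form body that repeats them. `BuildTokenRequest` is a hypothetical helper, and the host, client id and secret are constructed placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Threading.Tasks;

static class TokenRequestExample
{
    // Hypothetical helper: builds a /token POST with the client credentials in the Basic header only.
    static HttpRequestMessage BuildTokenRequest(
        string tokenEndpoint, string clientId, string clientSecret,
        IDictionary<string, string> grantFields)
    {
        // Reject the mistake discussed in this thread: credentials repeated in the form body.
        if (grantFields.ContainsKey("client_id") || grantFields.ContainsKey("client_secret"))
            throw new ArgumentException("Client credentials belong in the Authorization header only.");

        // Basic scheme value: Base64 of "clientid:clientsecret".
        string basic = Convert.ToBase64String(Encoding.UTF8.GetBytes($"{clientId}:{clientSecret}"));
        var request = new HttpRequestMessage(HttpMethod.Post, tokenEndpoint)
        {
            // FormUrlEncodedContent sets Content-Type: application/x-www-form-urlencoded.
            Content = new FormUrlEncodedContent(grantFields)
        };
        request.Headers.Authorization = new AuthenticationHeaderValue("Basic", basic);
        request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
        return request;
    }

    static async Task Main()
    {
        // Body fields as listed in the reply; the host and credentials are placeholders.
        var fields = new Dictionary<string, string>
        {
            ["grant_type"] = "client_credentials",
            ["scope"] = "okta.users.read"
        };
        using var request = BuildTokenRequest(
            "https://example.okta.com/oauth2/v1/token", "<client_id>", "<client_secret>", fields);

        // Show what would be sent without echoing the secret-bearing header value.
        Console.WriteLine($"POST {request.RequestUri}");
        Console.WriteLine($"Authorization: {request.Headers.Authorization.Scheme} <redacted>");
        Console.WriteLine(await request.Content.ReadAsStringAsync());
        // To send: using var http = new HttpClient(); var response = await http.SendAsync(request);
    }
}
```

Other grant types pass their own fields in `grantFields`; the credential check stays the same.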