I have my client application created in Okta (auth code + PKCE).
Okta SSO from Angular is working perfectly well.
When I use this token to call the API service, it throws an error.
Request header
GET /backend/contacts HTTP/1.1
Host: localhost:8080
Connection: keep-alive
sec-ch-ua: " Not;A Brand";v="99", "Google Chrome";v="97", "Chromium";v="97"
Accept: application/json, text/plain, */*
Authorization: Bearer eyJraWQiOiJYWmtrSzZweUpVd01NMGs5NmhSSnpBbnhQdWVDSVpzSVA3YUIyaTktM0owIiwiYWxnIjoiUlMyNTYifQ.eyJ2ZXIiOjEsImp0aSI6IkFULmxwVkJiZ1RHbUk5cUltZExCWFRGODdmU2FBRWhCWlNZOFpPN0poZWowanciLCJpc3MiOiJodHRwczovL2Rldi04ODI4OTU5Ni5va3RhLmNvbS9vYXV0aDIvZGVmYXVsdCIsImF1ZCI6ImFwaTovL2RlZmF1bHQiLCJpYXQiOjE2NDMxNTU2NTMsImV4cCI6MTY0MzE1OTI1MywiY2lkIjoiMG9hM29ranpwY3NvVzd6Z001ZDciLCJ1aWQiOiIwMHUzb2o1amc5SnQyZmZINzVkNyIsInNjcCI6WyJvcGVuaWQiXSwic3ViIjoicHJhc3VuYS5iYW5nbGFAZ21haWwuY29tIn0.gLE2amAiSkgXteCImrrnDVgEqrR46tUuIeVJFbLkq-W4qVNKGwtAH0qFuradmd9l-ObPRCz3CUO1n3QJjlYrdLTcyobi-blwlWG_MtbRbGkyEghtIkb2ucMxh0v_jEH3-keZxqdyoZZ8pZXt0zvcYOYlDd8SSsTylYzyUcEFxJL2tG3fjhLHN0QXwlZYSqsBT3iM97-yTRv0A1mu29pwWLHXBQZABXg8w2t-jVqakWHd3MeLukQQHeboRKmgu3ZtCz3o8Ld_IDtF7pDqYbnqurGdM4nurbYO2iPQTDBU6qenvT469Dz8wDlk9IRGZ42__vCOodHr2K_HlVn4BnVWMg
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
sec-ch-ua-platform: "Windows"
Origin: localhost:4200
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: localhost:4200
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Response header
HTTP/1.1 401
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Access-Control-Allow-Origin: localhost:4200
Access-Control-Allow-Credentials: true
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
WWW-Authenticate: Bearer error="invalid_token", error_description="An error occurred while attempting to decode the Jwt: Invalid token", error_uri="RFC 6750 - The OAuth 2.0 Authorization Framework: Bearer Token Usage"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 0
Date: Wed, 26 Jan 2022 00:07:33 GMT
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
const oktaConfig = {
  issuer: 'https://dev-123.okta.com/oauth2/default',
  redirectUri: window.location.origin + '/implicit/callback',
  clientId: 'xyz',
  pkce: true
};
okta.oauth2.client-id=xyz
okta.oauth2.issuer=https://dev-123.okta.com/oauth2/default
okta.oauth2.groups-claim=groups
okta.oauth2.audience=https://dev-123.okta.com/oauth2/default/v1/token
Read localhost:4200 as http://localhost:4200.
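The 401 above says the resource server could not accept the JWT, and the quickest way to find out why is to decode the token's payload (no signature check, it is just base64url) and compare the iss and aud claims against the okta.oauth2.issuer and okta.oauth2.audience properties the backend was given. The script below is an added example, not code from the poster or from Okta. It rebuilds a token from the header and claims visible in the Authorization header of the post (with a placeholder signature, so it is a constructed token, not the signed original) and runs that comparison against the posted application.properties. It assumes the Okta Spring Boot starter's audience property defaults to api://default when unset, and it treats the dev-123 / xyz values in the post as redacted placeholders.

```python
import base64
import json
import time
from typing import Optional

# Header and claims copied from the access token in the post. The token is
# re-assembled from them below with a dummy signature (constructed), because
# this check only inspects claims and never verifies the signature.
TOKEN_HEADER = {"kid": "XZkkK6pyJUwMM0k96hRJzAnxPueCIZsIP7aB2i9-3J0", "alg": "RS256"}
TOKEN_CLAIMS = {
    "ver": 1,
    "iss": "https://dev-88289596.okta.com/oauth2/default",
    "aud": "api://default",
    "iat": 1643155653,
    "exp": 1643159253,
    "cid": "0oa3okjzpcsoW7zgM5d7",
    "scp": ["openid"],
}

# Resource-server properties exactly as posted (dev-123 / xyz are redacted values).
POSTED_PROPERTIES = """\
okta.oauth2.client-id=xyz
okta.oauth2.issuer=https://dev-123.okta.com/oauth2/default
okta.oauth2.groups-claim=groups
okta.oauth2.audience=https://dev-123.okta.com/oauth2/default/v1/token
"""


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    # JWT segments are unpadded base64url; restore the '=' padding before decoding.
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def build_unsigned_token(header: dict, claims: dict) -> str:
    """Assemble header.payload.signature with a placeholder signature (constructed)."""
    compact = lambda obj: json.dumps(obj, separators=(",", ":")).encode()
    return ".".join([b64url_encode(compact(header)),
                     b64url_encode(compact(claims)),
                     "signature-placeholder"])


def parse_properties(text: str) -> dict:
    """Minimal key=value parser for a Spring application.properties fragment."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def peek_jwt(token: str):
    """Decode header and claims of a compact JWS without verifying it."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected 3 dot-separated segments)")
    return json.loads(b64url_decode(parts[0])), json.loads(b64url_decode(parts[1]))


def diagnose(token: str, properties_text: str, now: Optional[int] = None) -> list:
    """Return the reasons a resource server with these properties would reject the token."""
    props = parse_properties(properties_text)
    header, claims = peek_jwt(token)
    findings = []

    issuer = props.get("okta.oauth2.issuer")
    if claims.get("iss") != issuer:
        findings.append(f"issuer mismatch: token iss={claims.get('iss')!r}, configured {issuer!r}")

    # Assumed default of the Okta Spring Boot starter when the property is absent.
    audience = props.get("okta.oauth2.audience", "api://default")
    aud = claims.get("aud")
    aud_list = aud if isinstance(aud, list) else [aud]
    if audience not in aud_list:
        findings.append(f"audience mismatch: token aud={aud!r}, configured {audience!r}")

    now = int(time.time()) if now is None else now
    if claims.get("exp", 0) <= now:
        findings.append(f"token expired: exp={claims.get('exp')} <= now={now}")

    if header.get("alg") != "RS256":
        findings.append(f"unexpected alg {header.get('alg')!r} (Okta access tokens use RS256)")
    return findings


if __name__ == "__main__":
    token = build_unsigned_token(TOKEN_HEADER, TOKEN_CLAIMS)
    # Fix 'now' to the token's lifetime so the report shows only the config problems.
    for finding in diagnose(token, POSTED_PROPERTIES, now=TOKEN_CLAIMS["iat"] + 60):
        print("-", finding)
```

Against the posted properties the report flags two things: the issuer differs (which may just be the redaction), and the audience is configured as the token endpoint URL while the token carries aud "api://default". The audience property has to equal the aud claim the authorization server puts in the token, which for Okta's default authorization server is api://default, so the value https://.../oauth2/default/v1/token is the setting to change; the issuer must likewise match the iss claim, which in the posted token is the dev-88289596 org.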