@okra-okta I looked at the client credentials flow, but the example is with a Custom Auth Server; when I tried that I got the error message:
{“error”:“invalid_scope”,“error_description”:“One or more scopes are not configured for the authorization server resource.”}
Custom AS does not support the OAuth for Okta API scopes, as noted in our documentation: Only the Org Authorization Server can mint access tokens that contain Okta API scopes.
Appears that I can’t get a token from a CAS, have to use the Org Auth Server