I’m trying to replicate/automate the login process, using a non-MFA account in Postman. I need to generate the token in order to pass it to my test. In the process, I need the code (code challenge) to pass in to the body.
Below is my process:
I got my code challenge using this URL - Online PKCE Generator Tool
I copied the full request URL to the browser and got the code value as shown below.
Looking through the Okta logs, there is no error recorded.
I knew the second call was going to fail since I couldn't get past the first stage, but below are my steps as shown below.
The value for code was what was gotten from the browser URL.
Any suggestions as to why the first step is failing?
I use Postman version 10.17.1.
Is the target app a custom application you created using one of Okta’s SDKs? That sounds like the error our AuthJS SDK (and the related JS SDKs of ours built on top of it) would throw if the /authorize request was NOT initiated by the application.
Our SDKs will normally handle setting certain values for you (including the code_verifier and code_challenge) and include them in the /authorize request it initiates. Part of what it is doing involves storing the code_verifier it generated into the user’s browser’s storage so that the SDK can pull the value out again when it needs to make the /token request.
This is all to say: if the SDK did not initiate the /authorize request, it will be unable to complete the /token request to get tokens for the user.
Yes, it's a customized OIDC app using the Okta SDK. Thanks for updating this. However, is there a way I can generate an access token for such an app via Postman?
You can try the steps outlined here, but you can run into some issues if the user you are testing with has MFA requirements (namely, ones that apply to the application itself): How to get tokens for an OIDC application without a browser using curl/Postman | Okta Help Center
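The code_verifier / code_challenge relationship described in the reply above, as an added example that is not part of the original thread and not Okta SDK code. It follows the S256 method of RFC 7636; the function names, client ID placeholder, redirect URI and state value are assumptions made up for illustration.

```javascript
const crypto = require('crypto');

// base64url without padding, as RFC 7636 requires
function base64url(buf) {
  return buf.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// 32 random bytes give a 43-character verifier (RFC 7636 allows 43 to 128)
function newCodeVerifier() {
  return base64url(crypto.randomBytes(32));
}

// S256: code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
function codeChallenge(verifier) {
  return base64url(crypto.createHash('sha256').update(verifier, 'ascii').digest());
}

// /authorize parameters: only the challenge leaves the client at this stage
function authorizeParams(clientId, redirectUri, verifier, state) {
  return {
    client_id: clientId, redirect_uri: redirectUri, response_type: 'code',
    scope: 'openid', state: state,
    code_challenge: codeChallenge(verifier), code_challenge_method: 'S256',
  };
}

// /token parameters: whoever redeems the code must hold the original verifier
function tokenParams(clientId, redirectUri, code, verifier) {
  return {
    grant_type: 'authorization_code', client_id: clientId,
    redirect_uri: redirectUri, code: code, code_verifier: verifier,
  };
}

// Model of the check an authorization server applies at /token (RFC 7636, 4.6)
function serverAccepts(storedChallenge, presentedVerifier) {
  const a = Buffer.from(codeChallenge(presentedVerifier));
  const b = Buffer.from(storedChallenge);
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Constructed demo values (placeholders, not from the thread)
const verifier = newCodeVerifier();
const authz = authorizeParams('CLIENT_ID_PLACEHOLDER', 'https://localhost/callback', verifier, 'state-123');
const token = tokenParams('CLIENT_ID_PLACEHOLDER', 'https://localhost/callback', 'CODE_FROM_REDIRECT', verifier);
console.log('same verifier accepted:', serverAccepts(authz.code_challenge, token.code_verifier));
console.log('other verifier accepted:', serverAccepts(authz.code_challenge, newCodeVerifier()));
```

A challenge generated in one place and a code redeemed in another only works if the matching verifier travels with it, which is why a /token call made without the verifier the /authorize request was built from is rejected.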