I am going through the Okta authentication flow in Postman, starting with using the /api/v1/authn with the username and password, then retrieving the session token from this response and passing it to oauth2/…/v1/authorize to retrieve the token and id_token. However, the id_token that we receive back is not for the correct user. What seems to be happening is we logged in as one user and got the correct id_token, then tried to log in as another user but got the first person’s id_token. Is there something in the oauth2 request that is user specific or is it just the session token? I am thinking that we are just passing in some of the first user’s information in this second step of the authorization process for the second user that maybe we shouldn’t be.
I have figured out that I needed to clear the current session in order to log in as a different user. Sessions | Okta Developer
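The mismatch described in this thread can be caught in a test client before the token is trusted. The sketch below is an added example, not code from the original posts or from Okta: it compares the user id in the /api/v1/authn response with the `sub` claim of the returned id_token. It assumes the authn response carries the user at `_embedded.user.id` and that `sub` holds the same Okta user id; the function names, user ids and tokens are constructed for illustration.

```javascript
// Decode a JWT payload WITHOUT verifying the signature. This is only for the
// identity comparison below; a relying party must verify the token first.
function decodeJwtPayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Compare the user who just authenticated with the subject of the id_token.
// A mismatch means /authorize answered from an older browser session instead
// of the sessionToken that was passed in.
function checkIdTokenUser(authnResponse, idToken) {
  const expected = authnResponse._embedded.user.id;
  const actual = decodeJwtPayload(idToken).sub;
  return { expected, actual, match: actual === expected };
}

// Build an unsigned sample token (constructed data, hypothetical helper).
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256' })}.${enc(claims)}.constructed-signature`;
}

// Constructed scenario: user B authenticates, but the cookie jar still holds
// user A's session, so the id_token comes back for user A.
const USER_A = '00uAAAA-constructed';
const USER_B = '00uBBBB-constructed';
const authnAsUserB = { status: 'SUCCESS', _embedded: { user: { id: USER_B } } };
const staleIdToken = makeSampleToken({ sub: USER_A });
const freshIdToken = makeSampleToken({ sub: USER_B });

for (const [label, token] of [['stale', staleIdToken], ['fresh', freshIdToken]]) {
  const result = checkIdTokenUser(authnAsUserB, token);
  console.log(label, result.match ? 'OK' : `MISMATCH: got ${result.actual}`);
}
```

When the check reports a mismatch, the remedy is the one given in the thread: clear the current session before authenticating as the next user.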