Requesting /oauth2/default/v1/authorize with openid okta.users.manage as the scopes seems to succeed, but trying to get a token from /oauth2/default/v1/token then fails:
error=invalid_scope&error_description=One+or+more+scopes+are+not+configured+for+the+authorization+server+resource
What’s the obvious step I’m missing?
Custom Authorization Servers do not support the Okta API scopes, like okta.users.manage. See this thread and the linked documentation for reference
Thanks Andrea, I actually did read that thread, but I’m using the default authorization server, not a custom one. I haven’t even added any custom authorization servers, just using the default one.
The confusingly named “Default” authorization is actually a custom authorization server, its just the one that we create for you. The Org Authorization Server is different, and is the one used when making the request to /oauth2/v1/authorize and /oauth2/v1/token.
If you use these endpoints instead, can you get a token?
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.