Authorizing Okta scopes: invalid scope error

Requesting /oauth2/default/v1/authorize with openid okta.users.manage as the scopes seems to succeed, but trying to get a token from /oauth2/default/v1/token then fails:

error=invalid_scope&error_description=One+or+more+scopes+are+not+configured+for+the+authorization+server+resource

What’s the obvious step I’m missing?

Custom Authorization Servers do not support the Okta API scopes, like okta.users.manage. See this thread and the linked documentation for reference.

Thanks Andrea, I actually did read that thread, but I’m using the default authorization server, not a custom one. I haven’t even added any custom authorization servers, just using the default one.

The confusingly named “Default” authorization is actually a custom authorization server, it's just the one that we create for you. The Org Authorization Server is different, and is the one used when making the request to /oauth2/v1/authorize and /oauth2/v1/token.

If you use these endpoints instead, can you get a token?

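The distinction drawn in the replies above can be checked before a request is sent. The following is an added example, not part of the original thread and not Okta's code: it classifies an endpoint URL by its path and flags Okta API scopes sent to a custom authorization server. The host `idp.example.com`, the function names, and the rule that Okta API scopes are the ones prefixed `okta.` are assumptions of this sketch.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qs

# /oauth2/v1/...       -> Org Authorization Server
# /oauth2/{id}/v1/...  -> custom authorization server ("default" included)
_ENDPOINT = re.compile(r"^/oauth2/(?:(?P<server>[^/]+)/)?v1/(?P<op>authorize|token)$")


def classify(url):
    """Return ("org", None) or ("custom", server_id) for an OAuth endpoint URL."""
    m = _ENDPOINT.match(urlsplit(url).path)
    if not m:
        raise ValueError("not an /authorize or /token endpoint: " + url)
    server = m.group("server")
    return ("custom", server) if server else ("org", None)


def check_request(url, scope=None):
    """Return findings for a request; an empty list means no mismatch was found.

    If scope is None, it is read from the URL's scope query parameter.
    """
    parts = urlsplit(url)
    kind, server = classify(url)
    if scope is None:
        scope = " ".join(parse_qs(parts.query).get("scope", []))
    # Assumption of this sketch: Okta API scopes are the ones prefixed "okta."
    api_scopes = [s for s in scope.split() if s.startswith("okta.")]
    if kind != "custom" or not api_scopes:
        return []
    # Same host, same operation, but on the Org Authorization Server path.
    org_path = re.sub(r"^/oauth2/[^/]+/v1/", "/oauth2/v1/", parts.path)
    return [{
        "server": server,
        "api_scopes": api_scopes,
        "org_endpoint": urlunsplit((parts.scheme, parts.netloc, org_path, "", "")),
    }]


if __name__ == "__main__":
    # Constructed request mirroring the one in the question.
    sample = ("https://idp.example.com/oauth2/default/v1/authorize"
              "?response_type=code&scope=openid+okta.users.manage")
    for finding in check_request(sample):
        print("Okta API scopes %(api_scopes)s sent to custom server "
              "%(server)r; use %(org_endpoint)s" % finding)
```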