Requesting /oauth2/default/v1/authorize with openid okta.users.manage as the scopes seems to succeed, but trying to get a token from /oauth2/default/v1/token then fails:
Thanks Andrea, I actually did read that thread, but I’m using the default authorization server, not a custom one. I haven’t even added any custom authorization servers, just using the default one.
The confusingly named “Default” authorization is actually a custom authorization server, its just the one that we create for you. The Org Authorization Server is different, and is the one used when making the request to /oauth2/v1/authorize and /oauth2/v1/token.
If you use these endpoints instead, can you get a token?