I was following the following thread Automating Authorization Code Flow , however, I’m not even able to get a session token.
We have a SPA application with the Authorization Code grant type and we have a test user that has a security question as MFA (MFA can’t be completely removed even for the test user).
When I’m trying to call
api/v1/authn I get:
“errorSummary”: “Authentication failed”,
This Authentication | Okta Developer says that there are only 3 reasons for 401:
- invalid credentials
- locked out accounts
- access denied by sign-on policy
I am able to login with this user via UI so I don’t think it is an issue. The only difference is the security question but I haven’t found how to pass it (or if I need to) to get the session id.
Is there anything that I’m missing?