Cannot Authorize with Scope

Trying to authorise whilst requesting the okta.users.read.self scope, yet I am receiving this error:

Upon trying to add the above scope to my default authorization server (in the scopes tab) I get an error message saying that the name is reserved. Where am I going wrong here? Without requesting the above scope I can log in fine. I’m just trying to read a Users API.

Configuration for my vue app:

{
  // Template literals need backticks to interpolate the config values
  issuer: `${Config.OktaBaseUrl}/oauth2/default`,
  clientId: Config.OktaClientId,
  redirectUri: `${window.location.origin}/implicit/callback`,
  pkce: true,
  scope: ['okta.users.read']
}

Your first picture got removed or something… Did you allow that scope in the OIDC application?

I tried to add the scope to the Authorization Server/Scopes tab but received the ‘reserved name’ error. Is there somewhere else I should be adding this?

edit: It looks like I don’t have the full permissions and I was missing the Okta API Scopes tab for the application.

I’m talking about this one for OIDC app

and then

Hi @grantdperkins

The OAuth for Okta scopes can be used only on the org authorization server (e.g. issuer set to https://yourOktaOrg.okta.com) which, in the example provided, is under ${Config.OktaBaseUrl}.

Also, the request needs to be Authorization Code flow instead of PKCE flow as described here, which would require a back-end server in order to successfully request the access token.


Yeah I am still getting the same error after granting the scope to the Authorization Server. The error message is slightly confusing though:

This pointed towards not having the scope available at all, and in the docs it states the recommended flow is Authorization Code flow rather than enforced (unless I’m missing something). Now about to try to authenticate via the backend server, however this is a bit more of a pain being an SPA.
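
The constraint from the reply above (OAuth for Okta scopes work only against the org authorization server, not a custom one such as /oauth2/default), written as a pre-flight check on the client config. This is an added example, not code from the thread; the function names are hypothetical and the sample config is constructed from the one posted in the question.

```javascript
// Added example, not code from the thread. Sample values are constructed.

// OAuth for Okta (Okta API) scopes all live under the reserved "okta." prefix.
const isOktaApiScope = (s) => s.startsWith('okta.');

// Org authorization server: issuer is the bare org URL.
// Custom authorization server: issuer path is /oauth2/<serverId>.
function classifyIssuer(issuer) {
  const url = new URL(issuer);
  const path = url.pathname.replace(/\/+$/, '');
  if (path === '') return { kind: 'org', id: null, orgUrl: url.origin };
  const m = /^\/oauth2\/([^/]+)$/.exec(path);
  if (m) return { kind: 'custom', id: m[1], orgUrl: url.origin };
  throw new Error(`unrecognized issuer path: ${url.pathname}`);
}

// Returns a list of problems; an empty list means issuer and scopes agree.
function checkConfig(config) {
  const server = classifyIssuer(config.issuer);
  // Accept either key; the config posted in the question uses `scope`.
  const scopes = config.scopes || config.scope || [];
  const problems = [];
  if (server.kind === 'custom') {
    for (const s of scopes.filter(isOktaApiScope)) {
      problems.push(
        `scope "${s}" is an Okta API scope but the issuer is custom server ` +
        `"${server.id}"; use the org issuer ${server.orgUrl} instead`);
    }
  }
  return problems;
}

// Constructed input modelled on the configuration posted in the question.
const posted = {
  issuer: 'https://yourOktaOrg.okta.com/oauth2/default',
  scope: ['openid', 'okta.users.read'],
};
console.log(checkConfig(posted));
```

Running the check at application start-up surfaces the mismatch before the authorize request is sent, instead of leaving it to the error returned by the authorization endpoint.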