Can't get the token_id

Hope this is not a duplicate, i could not find anything for the issue and since i am a bit of a noob the documentation is a bit overwhelming.
I am trying to automate getting a token id using api requests for some automation api testing .
This is the code:
auth_data = {“username”:“,my_username”,
auth =“”,data = json.dumps(auth_data))

this first request works fine, i get a sessionToken id.

authorize = requests.get(‘ =myclientid&response_type=id_token token&scope=openid email profile&redirect_uri=redirect uri from okta app&state=session_token_id&nonce=my_nonce’)

#the response of this code instead of a url with a token_id i get something like this:

We have implicit flow setup in okta(not something i can change).
What am i missing?
Thank you

Hi @Blitz welcome! State is a diff parameter from session token i.e. they have diff values. You can use the following call instead - Work with Okta session cookies | Okta Developer.


Which token id are you looking for, is it the jti claim in the user’s ID token for an OpenID Connect application?

If you’re seeing an okta_key in the URL, that means the user hasn’t yet completed log in to your application. You should wait until your user has completed authentication and instead read the id_token that will returned to your redirect_uri via implicit flow, which will contain the jti claim within the token payload


While searching for solutions there was one where state was equal to sessionToken and i just left it as that, was not sure if i could just put something random in here.
Thank you for the reply, i got exactly what i needed using the url in the documentation.

Thank you for the clarification, i suspected it had something to do with the login, at first i thought the /authn endpoint took care of that:D. Was able to resolve the problem with the documentation provided in the response sigama gave.
If anyone else has this issue i would like to add that in order for token id to work as the bearer i had to setup the request with allow_redirect = False and get it from .headers, for some reason using directly the url to get token id and use it in other requests gave response 401.

1 Like

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.