Hope this is not a duplicate; I could not find anything for the issue, and since I am a bit of a noob the documentation is a bit overwhelming.
I am trying to automate getting a token id using API requests for some automated API testing.
This is the code:
import json
import requests

# Primary authentication: exchange username/password for a one-time sessionToken
auth_data = {"username": "my_username",
             "password": "my_password",
             "options": {"multiOptionalFactorEnroll": True,
                         "warnBeforePasswordExpired": True}
             }
auth = requests.post("https://my_domain.okta.com/api/v1/authn?", data=json.dumps(auth_data))
This first request works fine; I get a sessionToken id.
authorize = requests.get('https://my_domain.okta.com/oauth2/v1/authorize?client_id=myclientid&response_type=id_token token&scope=openid email profile&redirect_uri=redirect uri from okta app&state=session_token_id&nonce=my_nonce')
# In the response to this request, instead of a URL with a token_id I get something like this:
https://my_domain.okta.com/login/loginhtm?fromURI=oauth2/v1/authorize/redirect/okta_key=some_okta_key
We have implicit flow set up in Okta (not something I can change).
What am I missing?
Thank you
Which token id are you looking for, is it the jti claim in the user’s ID token for an OpenID Connect application?
If you’re seeing an okta_key in the URL, that means the user hasn’t yet completed login to your application. You should wait until your user has completed authentication and instead read the id_token that will be returned to your redirect_uri via implicit flow, which will contain the jti claim within the token payload.
While searching for solutions there was one where state was equal to sessionToken and I just left it as that; I was not sure if I could just put something random in here.
Thank you for the reply, I got exactly what I needed using the URL in the documentation.
Thank you for the clarification, I suspected it had something to do with the login; at first I thought the /authn endpoint took care of that :D. I was able to resolve the problem with the documentation provided in the response sigama gave.
If anyone else has this issue, I would like to add that in order for the token id to work as the bearer I had to set up the request with allow_redirect = False and get it from .headers; for some reason, using the URL directly to get the token id and use it in other requests gave a 401 response.
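The approach the thread settles on, as an added example that is not code from the original posts: hand the one-time sessionToken from /authn to /authorize, do not follow the redirect, and read the tokens from the fragment of the Location header. It assumes Okta's `sessionToken` query parameter on /authorize and the `allow_redirects` argument of requests; the org URL, client id, redirect URI and all function names are placeholders chosen here.

```python
import base64, json, secrets
from urllib.parse import urlencode, urlsplit, parse_qs

def build_authorize_url(org_url, client_id, redirect_uri, session_token):
    """Return (url, state, nonce) for an implicit-flow /authorize request."""
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    params = {
        "client_id": client_id,
        "response_type": "id_token token",
        "scope": "openid email profile",
        "redirect_uri": redirect_uri,
        "sessionToken": session_token,  # one-time token from /api/v1/authn
        "state": state,                 # random value checked on return, not the session token
        "nonce": nonce,
    }
    # urlencode() escapes the spaces and the redirect URI
    return f"{org_url}/oauth2/v1/authorize?{urlencode(params)}", state, nonce

def tokens_from_location(location, expected_state):
    """Parse the Location header of the 302 answer from /authorize."""
    parts = urlsplit(location)
    if "fromURI" in parse_qs(parts.query):
        # Same symptom as in the question: sent to the login page, no session
        raise RuntimeError("redirected to login page: no session was established")
    frag = {k: v[0] for k, v in parse_qs(parts.fragment).items()}
    if "error" in frag:
        raise RuntimeError(f"{frag['error']}: {frag.get('error_description', '')}")
    if frag.get("state") != expected_state:
        raise ValueError("state mismatch")
    return frag  # id_token, access_token, token_type, ...

def unverified_claims(jwt):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    payload = jwt.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def fetch_tokens(org_url, client_id, redirect_uri, session_token):
    """Live call; needs `requests` and a real org, so it is not run offline."""
    import requests
    url, state, _nonce = build_authorize_url(org_url, client_id, redirect_uri, session_token)
    resp = requests.get(url, allow_redirects=False, timeout=10)
    return tokens_from_location(resp.headers["Location"], state)
```

`unverified_claims(tokens["id_token"])["jti"]` gives the jti claim mentioned in the reply; anything that trusts the token must still validate its signature and nonce.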