Client_credentials with application_type as web

Hi @ashfaq

You will need to use a custom authorization server created through API Access Management feature for issuing access tokens that are not user bounded. For this, please navigate in your administrative dashboard to Security >> API >> Authorization Servers (or API >> Authorization Servers if using the Developer Console), copy the issuer for the authorization server that you will be using and add it in your application. The requests should forward now to something similar to https://yourOktaOrg.okta.com/oauth2/default/v1/token or https://yourOktaOrg.okta.com/oauth2/auss64hoq4PQUNXGa2p6/v1/token. Please note that you will need to create a custom scope from within the authorization server that will need to be passed in the request to the /token endpoint as mentioned here.

Alternatively, if you do not see the Authorization Servers tab, you can implement OAuth for Okta client credentials flow which uses one of the scopes available here for issuing access tokens using the Okta authorization server.