Client Secret Invalid

I’m trying to set up a new OAuth application and API in my Okta account. Following the guides posted here (https://developer.okta.com/docs/guides/implement-client-creds/setup-app/) and here (https://developer.okta.com/docs/guides/customize-authz-server/create-scopes/), I was able to create an application and authorization server.

Unfortunately, when testing, I’m receiving the following error:

. {“error”:“invalid_client”,“error_description”:“The client secret supplied for a confidential client is invalid.”}

The error would imply that my client_secret is incorrect. However, I copied the client id and secret from the application. In addition, I encoded the client ID and client secret appropriately ( echo client_id:client_secret | base64 ). Here’s the curl statement that I’m using for testing:

curl --request POST
–url {AUTH_SERVER}/v1/token
–header ‘accept: application/json’
–header ‘Authorization: Basic $AUTH’
–header ‘cache-control: no-cache’
–header ‘content-type: application/x-www-form-urlencoded’
–data ‘grant_type=client_credentials&scope=custom_scope+offline_access’

Any thoughts on what might be up?

Hi @faryenwede,

I was able to get this working by doing the following -

  1. Create a service application and note client_id and client_secret.
  2. Generate the base64 encoded auth header using https://simplycalc.com/base64url-encode.php (client_id:client_secret)
  3. Create a custom scope on your custom authorization server (I used the default authorization server)
  4. Make the following curl request -
curl --request POST \
  --url https://my-okta-org.com/oauth2/default/v1/token \
  --header 'accept: application/json' \
  --header 'authorization: Basic MG9h....' \
  --header 'cache-control: no-cache' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data 'grant_type=client_credentials&scope=custom'

Make sure you’re using the right /token endpoint, the right encoding, and also try with only custom_scope first.
If you can post screenshots of your application and auth server, that might give some clues.

Thank you. That was the solution.

1 Like