We have integrated an API Service into our application. However, when we attempt to generate a token using the Client Credentials method through the Swagger UI, an error arises. The error message indicates: “Authentication Error, error: invalid_client, description: Browser requests to the token endpoint must use Proof Key for Code Exchange.”
We are seeking guidance on how to address this issue and successfully generate the token. It’s worth noting that we lack a client app, and we are not employing the Proof Key for Code Exchange method for token generation. Is there a solution or configuration adjustment that can help us navigate this situation?
Did you try the same call through Postman or a similar tool? This might be happening because the “Origin” header is present in the request to the /token endpoint of the authorization server. Check the following article: Okta Help Center (Lightning)
I have used API Service. So Proof Key for Code Exchange is not required, as this has no UI and I am using Client Credentials to generate the token via client_id and secret. I can generate the token via Swagger by entering the client id and secret. But my client wants to use Swagger, and they just want to enter the id and secret and get the token. They don’t want to generate the token, paste it in Swagger and run the API. In short, they just want to add the Client ID and secret, generate the token, have the token handled by Swagger UI, and run the API.
This is most likely a security concern; Okta doesn’t want their customers to use the “client_credentials” flow in browser scenarios.
As a workaround, you may implement a “/api/oauth2/login” endpoint in your API that will be just a proxy to the Okta token endpoint, so then you can configure Swagger to use your local endpoint as the Token Url.
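One way to build the proxy endpoint suggested above, as an added example that is not code from this thread or from Okta: a stdlib-only WSGI app exposing POST /api/oauth2/login that performs the client_credentials exchange server-side (so no browser Origin header ever reaches Okta's /token endpoint), plus the OpenAPI security scheme that points Swagger UI at it. The Okta token URL is an assumed placeholder, and the proxy accepts the id/secret either as a Basic header or as form fields because Swagger UI versions differ in how they send them.

```python
import base64
import urllib.error
import urllib.parse
import urllib.request

# Assumed value: replace with your Okta org and authorization server.
OKTA_TOKEN_URL = "https://{yourOktaDomain}/oauth2/default/v1/token"

# OpenAPI 3 security scheme that points Swagger UI at the local proxy instead of Okta.
OPENAPI_SECURITY_SCHEME = {
    "type": "oauth2",
    "flows": {"clientCredentials": {"tokenUrl": "/api/oauth2/login", "scopes": {}}},
}

def extract_client_credentials(form, authorization_header):
    """Swagger UI sends the id/secret as a Basic header or as form fields; accept both."""
    if authorization_header and authorization_header.lower().startswith("basic "):
        client_id, _, client_secret = base64.b64decode(authorization_header[6:]).decode().partition(":")
        return client_id, client_secret
    return form["client_id"], form["client_secret"]

def build_upstream_request(client_id, client_secret, scope):
    """Fresh server-side request: no browser headers (Origin, Referer, Cookie) are forwarded."""
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": f"Basic {creds}",
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
    }
    body = urllib.parse.urlencode({"grant_type": "client_credentials", "scope": scope})
    return OKTA_TOKEN_URL, headers, body.encode()

def app(environ, start_response):
    """POST /api/oauth2/login: relays Okta's JSON reply (or error) unchanged. Serve over TLS only."""
    if environ["PATH_INFO"] != "/api/oauth2/login" or environ["REQUEST_METHOD"] != "POST":
        start_response("404 Not Found", [("Content-Type", "text/plain")])
        return [b"not found"]
    size = int(environ.get("CONTENT_LENGTH") or 0)
    form = dict(urllib.parse.parse_qsl(environ["wsgi.input"].read(size).decode()))
    client_id, client_secret = extract_client_credentials(form, environ.get("HTTP_AUTHORIZATION"))
    url, headers, body = build_upstream_request(client_id, client_secret, form.get("scope", ""))
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            status, payload = f"{resp.status} {resp.reason}", resp.read()
    except urllib.error.HTTPError as err:  # e.g. 401 invalid_client from Okta, passed through
        status, payload = f"{err.code} {err.reason}", err.read()
    start_response(status, [("Content-Type", "application/json")])
    return [payload]
```

Run it with `wsgiref.simple_server.make_server("127.0.0.1", 8080, app).serve_forever()` behind the same origin as the Swagger UI page; if Swagger UI is served from a different origin, the proxy additionally needs CORS headers.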