I am new to Okta and want to create an access token for a user. Currently I am trying to do that with Postman. My current steps are:
- Calling the api/v1/authn endpoint => I receive the sessionToken
- Calling the oauth2/v1/authorize endpoint with: client_id, response_type = code, response_mode = query, scope = openid, redirect_uri, state = some value, nonce = a guid, sessionToken = the received sessionToken => I receive the code in the location header
- Calling the oauth2/default/v1/token endpoint with grant_type = authorization_code, code = the code from the second call, redirect_uri = same value as in the 1st call, and as authentication I use the clientId and secret (it is configured as a web app in the Okta menu). => The 3rd call is forbidden every time and I do not know why.

Can somebody help me?
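
An added example, not part of the original post: a pre-flight check that the authorize and token requests of an authorization code flow target the same Okta authorization server (`/oauth2/v1/...` is the org server, `/oauth2/{id}/v1/...` a custom one such as `default`) and carry the same redirect_uri. The domain, client id, redirect URI and function names are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qs

# /oauth2/v1/<op> is the org authorization server;
# /oauth2/{authorizationServerId}/v1/<op> is a custom one (e.g. "default").
_ENDPOINT = re.compile(
    r"^(?P<base>/oauth2(?:/(?P<server>[^/]+))?)/v1/(?:authorize|token)$")

def authorization_server(url):
    """Return (endpoint_base, server_id) for an Okta authorize/token URL."""
    parts = urlsplit(url)
    m = _ENDPOINT.match(parts.path)
    if not m:
        raise ValueError(f"not an Okta authorize/token endpoint: {url}")
    server = m.group("server") or "org"
    return f"{parts.scheme}://{parts.netloc}{m.group('base')}", server

def check_code_flow(authorize_url, token_url, token_form):
    """List mismatches between the authorize request and the token request."""
    problems = []
    a_base, a_server = authorization_server(authorize_url)
    t_base, t_server = authorization_server(token_url)
    if a_base != t_base:
        # A code is only redeemable at the server that issued it.
        problems.append(
            f"code issued by '{a_server}' server but redeemed at '{t_server}' server")
    sent = parse_qs(urlsplit(authorize_url).query)
    if sent.get("redirect_uri", [None])[0] != token_form.get("redirect_uri"):
        # RFC 6749 section 4.1.3: redirect_uri must be identical in both requests.
        problems.append("redirect_uri differs between authorize and token requests")
    if token_form.get("grant_type") != "authorization_code":
        problems.append("grant_type must be authorization_code")
    return problems

# Constructed sample mirroring the endpoint paths named in the post.
AUTHORIZE = ("https://example.okta.com/oauth2/v1/authorize?client_id=0oaEXAMPLE"
             "&response_type=code&response_mode=query&scope=openid"
             "&redirect_uri=https%3A%2F%2Fapp.example%2Fcallback&state=s1&nonce=n1")
TOKEN = "https://example.okta.com/oauth2/default/v1/token"
FORM = {"grant_type": "authorization_code", "code": "PLACEHOLDER",
        "redirect_uri": "https://app.example/callback"}

if __name__ == "__main__":
    for problem in check_code_flow(AUTHORIZE, TOKEN, FORM):
        print("mismatch:", problem)
```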