Do I need the client secret to get access token for backend testing

harvans5 · September 20, 2022, 9:40pm

I currently need to get access token for backend testing in Java.

It seems if I want to get the access token using the oktadomain/api/v1/token endpoint I would need the client secret, but I do not have access to that on this engagement nor does our client want to give access to that.

So I have been looking into the alternative using the oktadomain/v1/authorize endpoint for getting the access token. I have the session token currently from authentication with the okta sdk but I have not figured out where to go from here. I have created other posts voicing my struggles with getting the /authorize endpoint working and would like to know if this is even possible from a backend perspective with only having the session token and not the client secret.

andrea · September 20, 2022, 10:07pm

If you are trying to use any flow but Implicit AND the application is configured with a Client Secret, the answer is going to be no, you cannot get a token back without having the client secret available.

You could look to using implicit flow to get an access token, but the application will have to be configured to support this flow as well.

jbaldoatokta · September 23, 2022, 2:00pm

@harvans5 could you explain what you’re trying to accomplish? Not in code but in terms of human or system interaction?

Post		Replies	Views
Unit Testing and Implicit Flow OAuth/OIDC	7	20953	August 17, 2021
Postman API Login Questions	6	3447	June 23, 2021
Need help with hitting okta /authorize endpoint for access token OAuth/OIDC	2	3230	September 20, 2022
Troubles getting my accessToken in my java backend app OAuth/OIDC java	3	6084	January 12, 2024
Getting access token for SPA and server to server api access OAuth/OIDC	3	6908	June 8, 2018

Do I need the client secret to get access token for backend testing

Related topics