Do I need the client secret to get access token for backend testing

I currently need to get access token for backend testing in Java.

It seems if I want to get the access token using the oktadomain/api/v1/token endpoint I would need the client secret, but I do not have access to that on this engagement nor does our client want to give access to that.

So I have been looking into the alternative using the oktadomain/v1/authorize endpoint for getting the access token. I have the session token currently from authentication with the okta sdk but I have not figured out where to go from here. I have created other posts voicing my struggles with getting the /authorize endpoint working and would like to know if this is even possible from a backend perspective with only having the session token and not the client secret.

If you are trying to use any flow but Implicit AND the application is configured with a Client Secret, the answer is going to be no, you cannot get a token back without having the client secret available.

You could look to using implicit flow to get an access token, but the application will have to be configured to support this flow as well.

@harvans5 could you explain what you’re trying to accomplish? Not in code but in terms of human or system interaction?