For machine-to-machine authentication I have created an application with the API Services option, but when I try to get the token using the default server I get a 400 response back.
The “Default” Custom Authorization Server (issuer === https://oktaDomain/oauth2/default) does support Client Credentials flow, but the “Org” Authorization Server (issuer === https://oktaDomain) only supports CC flow using Private Key JWT auth to receive an Access Token you can use against Okta’s APIs.
For machine to machine auth, you must use a custom authorization server. You will not be able to locally validate access tokens issued by the Org Authorization Server as they are only intended to be consumed by Okta’s APIs.
More details about OAuth for Okta APIs here: Implement OAuth for Okta with a service app | Okta Developer
Thanks, Andrea, for the response. If I use /oauth2/v1/introspect to validate the token then I should be able to use the Default custom authorization server (issuer === https://oktaDomain/oauth2/default), right? But I cannot even create a token using the client credentials flow using the https://oktaDomain/oauth2/default/v1/token endpoint; I get a 400 response code. Is there something I need to enable on my org?
You should be able to use the Default Authorization Server to get a token back. What are the specifics of the 400 error you are seeing?
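An added example, not part of the thread and not Okta's own code: it builds the client credentials request for the Default custom authorization server's `/v1/token` endpoint and reduces an error response to its RFC 6749 `error` / `error_description` fields, which are the specifics the last reply asks for. The function names, the `custom_scope` scope, the `id`/`pw` credentials and the sample 400 body are assumptions constructed for illustration.

```python
import base64
import json
import urllib.error
import urllib.parse
import urllib.request


def build_cc_request(okta_domain, client_id, client_secret, scope,
                     auth_server_id="default"):
    """Build (without sending) a client credentials token request."""
    url = f"https://{okta_domain}/oauth2/{auth_server_id}/v1/token"
    body = urllib.parse.urlencode(
        {"grant_type": "client_credentials", "scope": scope}).encode()
    # Client authentication via HTTP Basic (client_secret_basic).
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(url, data=body, method="POST", headers={
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
    })


def describe_token_error(status, raw_body):
    """Summarise a token endpoint error body (RFC 6749 section 5.2)."""
    try:
        doc = json.loads(raw_body)
    except (ValueError, TypeError):
        return f"HTTP {status}: non-JSON body ({len(raw_body)} bytes)"
    if not isinstance(doc, dict):
        return f"HTTP {status}: unexpected JSON {type(doc).__name__}"
    code = doc.get("error", "<no error field>")
    desc = doc.get("error_description", "")
    return f"HTTP {status}: {code}" + (f" - {desc}" if desc else "")


def fetch_token(req):
    """Send the request; raise with the parsed error on a 4xx/5xx reply."""
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as exc:
        raise RuntimeError(describe_token_error(exc.code, exc.read())) from None


if __name__ == "__main__":
    # Constructed sample body, not a captured Okta response.
    sample = b'{"error":"invalid_scope","error_description":"constructed sample"}'
    print(describe_token_error(400, sample))
```

Log the output of `describe_token_error`, never the request itself, since the `Authorization` header carries the client secret.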