Endpoint to get token {{url}}/oauth2/v1/token

I’m trying to run this endpoint thru postman
grant_type: password
scope: okta.users.read.self
and I have error:
The client is not authorized to use the provided grant type. Configured grant types: [authorization_code].
Application is [OKTA-OIDC-WEB], Secutity->API created. What should I set to get rid of this problem

Please try using the authorization code flow. Please refer to the following documentation: Implement authorization by grant type | Okta Developer


Hi @marcin.bahojlo! Are you attempting to set up OAuth for Okta - Implement OAuth for Okta | Okta Developer?


Didn’t have a chance yet, I’m on holiday next week. For 100% I will come back to topic after 05.02.2023

Well I check both scenarios and none of them helped, I even set all * [Okta API Scopes] to granted

And response is still

Well one thing more I created New App Native

For the first issue, the error message returned to you is explaining that the Client you are currently using is only able to use the Authorization Code grant type. If you want to use password instead, make sure that Resource Owner Password enabled as an allowed Grant Type in the Okta admin console:

For the second, can you confirm that the same user is able to log into your org with the same credentials you are using in that Postman request?

1 Like

I have a related question, it appears we need to use https://{{ORG_NAME}}.okta.com/oauth2/v1/token to get an access token with the okta.* scopes, so how do I set auth server policy rules when all that is available is default ( which has a different token endpoint)

That’s correct, you must use the Org Authorization Server to receive a token with the okta.* scopes (with the exception of MyAccounts scopes, which are available when using a Custom server).

As such, you cannot configure any Access Policies/Rules and, generally speaking, you should have no need to do so. The Org Authorization has fixed token lifetimes that cannot be changed, but it will have all eligible grant types enabled for you by default.