I'm trying to run this endpoint through Postman
{{url}}/oauth2/v1/token
with:
grant_type: password
scope: okta.users.read.self
and I get this error:
The client is not authorized to use the provided grant type. Configured grant types: [authorization_code].
Application is [OKTA-OIDC-WEB], created under Security -> API. What should I set to get rid of this problem?
Please try using the authorization code flow. Please refer to the following documentation: Implement authorization by grant type | Okta Developer
Hi @marcin.bahojlo! Are you attempting to set up OAuth for Okta - Implement OAuth for Okta | Okta Developer?
Didn't have a chance yet, I'm on holiday next week. I will 100% come back to this topic after 05.02.2023.
Well, I checked both scenarios and none of them helped; I even set all [Okta API Scopes] to granted.
And the response is still
One more thing: I created a new Native app
- Then assigned the user
But now I have this result:
{
"error": "invalid_grant",
"error_description": "The credentials provided were invalid."
}
For the first issue, the error message returned to you is explaining that the Client you are currently using is only able to use the Authorization Code grant type. If you want to use password instead, make sure that Resource Owner Password is enabled as an allowed Grant Type in the Okta admin console:
For the second, can you confirm that the same user is able to log into your org with the same credentials you are using in that Postman request?
I have a related question. It appears we need to use https://{{ORG_NAME}}.okta.com/oauth2/v1/token to get an access token with the okta.* scopes, so how do I set auth server policy rules when all that is available is default (which has a different token endpoint)?
That's correct: you must use the Org Authorization Server to receive a token with the okta.* scopes (with the exception of MyAccounts scopes, which are available when using a Custom server).
As such, you cannot configure any Access Policies/Rules and, generally speaking, you should have no need to do so. The Org Authorization Server has fixed token lifetimes that cannot be changed, but it will have all eligible grant types enabled for you by default.
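An added example, not code from this thread or from Okta: a small Python script that builds the grant_type=password request the answers above describe against the Org Authorization Server token endpoint (/oauth2/v1/token, the only one that issues okta.* scopes), authenticates either as a confidential client (an Okta Web app, client secret sent via HTTP Basic per RFC 6749 section 2.3.1) or as a public client (an Okta Native app with no secret, client_id sent in the form body), and maps the two error bodies quoted in the thread to the fix each answer gives. The environment variable names, the helper names and the classification labels are my own assumptions, as is the use of the RFC 6749 error codes for matching; the grant-type check also matches on the description text quoted in the first post. Keep in mind that the OAuth 2.0 Security BCP advises against the password grant and OAuth 2.1 drops it, so this belongs only on a client where Resource Owner Password has been deliberately enabled.

```python
import base64
import json
import os
import urllib.error
import urllib.parse
import urllib.request

# Org Authorization Server token endpoint: okta.* scopes are only issued here,
# never by a Custom Authorization Server (/oauth2/<authServerId>/v1/token).
TOKEN_PATH = "/oauth2/v1/token"


def build_token_request(org_url, client_id, username, password,
                        scope="okta.users.read.self", client_secret=None):
    """Build the ROPC request (RFC 6749 section 4.3) as (url, headers, body).

    A confidential client (an Okta Web app) authenticates with HTTP Basic
    (RFC 6749 section 2.3.1). A public client (an Okta Native app with no
    secret) sends client_id in the form body instead.
    """
    url = org_url.rstrip("/") + TOKEN_PATH
    form = {
        "grant_type": "password",
        "username": username,
        "password": password,
        "scope": scope,
    }
    headers = {
        "Accept": "application/json",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    if client_secret:
        creds = f"{client_id}:{client_secret}".encode()
        headers["Authorization"] = "Basic " + base64.b64encode(creds).decode()
    else:
        form["client_id"] = client_id
    return url, headers, urllib.parse.urlencode(form).encode()


def classify_token_response(status, body):
    """Map the token endpoint's JSON body to the next action (labels assumed).

    The two error bodies match the ones quoted in the thread; the error codes
    are the RFC 6749 section 5.2 codes.
    """
    if status == 200 and "access_token" in body:
        return "ok"
    err = body.get("error", "")
    desc = body.get("error_description", "")
    if err == "unauthorized_client" or "not authorized to use the provided grant type" in desc:
        return "enable-grant-type"   # enable Resource Owner Password on the app
    if err == "invalid_grant":
        return "check-credentials"   # user/password wrong, or user not assigned to the app
    if err == "invalid_client":
        return "check-client-auth"   # wrong client_id/secret or wrong client auth method
    return "unexpected"


def request_token(org_url, client_id, username, password, **kw):
    """Send the request; return (http_status, parsed_json). This one hits the network."""
    url, headers, body = build_token_request(org_url, client_id, username, password, **kw)
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as e:
        # Okta returns the OAuth error body with a 4xx status; keep it for classification.
        return e.code, json.loads(e.read().decode() or "{}")


if __name__ == "__main__":
    # Secrets come from the environment so they never land in shell history
    # or in a Postman collection that gets shared. Variable names are assumed.
    env = os.environ
    status, payload = request_token(
        env["OKTA_ORG_URL"], env["OKTA_CLIENT_ID"],
        env["OKTA_USERNAME"], env["OKTA_PASSWORD"],
        client_secret=env.get("OKTA_CLIENT_SECRET"),
    )
    print(status, classify_token_response(status, payload))
    if "access_token" in payload:
        print("scope granted:", payload.get("scope"))
```

Run it with OKTA_ORG_URL set to the org (https://{{ORG_NAME}}.okta.com, not a custom server path), OKTA_CLIENT_ID and, for a Web app, OKTA_CLIENT_SECRET; leave the secret unset for a Native app. If the output says "enable-grant-type", the app still only has authorization_code allowed; "check-credentials" means the request reached the grant but the user/password pair or app assignment is the problem, which is exactly the split the two answers above make.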