Endpoints do not match documentation endpoints

I found the following, but the endpoints do not match in the documentation OpenID Connect & OAuth 2.0 API | Okta Developer

I use <turner.okta.url>/token currently, but <turner.okta.url>/oauth2/default/v1/token gives me a 500 error code

I am trying to use the introspect api, but token is the only one that I have working right now.

Yes I am sending in the correct Request Parameters. token works only as <turner.okta.url>/token, but not as <turner.okta.url>/oauth2/default/v1/token.

Click on the link to the endpoint your interested in, for example, /token

And you’ll see:

For example:

  async exchangeCodeForToken(): Promise<void> {

    const params = new URLSearchParams(this.document.location.search.substring(1));

    const code = params.get('code');
    const state = params.get('state');

    const endpoint = this.config.issuer + '/v1/token';

    const httpOptions = {
      headers: new HttpHeaders({
        'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8'

    const body = {
      grant_type: 'authorization_code',
      client_id: this.config.clientId,
      redirect_uri: this.config.redirectUri,
      code: code,
      code_verifier: 'M25iVXpKU3puUjFaYWg3T1NDTDQtcW1ROUY5YXlwalNoc0hhakxifmZHag'

    const urlEncoded = Object.keys(body).map(key => key + '=' + body[key]).join('&');

    return this.http.post<any>(endpoint, urlEncoded, httpOptions).toPromise();

Hi @jackstine

Usually the 500 error occurs because the request body is malformed. Can you please open a case with us by sending us an email to developers@okta.com in order to check also the back-end logs and confirm the cause of this issue?

@Robinyo that does not work, /v1/token does not work /token does.
introspect does not work, neither anything else mentioned in the document.

I can successfully call the token api with any of the grant types, all the other APIs send me a 500 error. And yes I am sending the correct Method, POST.

@dragos the body is exactly as it is stated in the docs. So for retrospect I send
token, token_type_hint, client_id, client_secret.

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.