Failure to validate access token generated using org authorization server

Hi everyone,
I’m new to OKTA, and I’m using OKTA Developer.
I’ve developed a microservice that I’ve secured with OKTA. When I use the default authorization server to generate the access token, all requests to the endpoints of my microservice are authenticated.
Since I’d like to manipulate OKTA APIs in my backend, I’ve migrated to the built-in org authorization server to be able to use scopes like okta.users.manage and okta.groups.manage. I can see that these scopes are present in my access token.
My problem is that using this access token no longer allows access to the endpoints of my microservice. I get a 401 Unauthorized error.

Access Tokens issued by the Org Authorization Server are not designed/intended to be consumed by other, non-Okta resource servers, as described in this article.

These tokens are intended to be used against Okta’s own APIs as authorization, so if you need to validate these tokens, you can either use the Introspection endpoint OR send it to an Okta management endpoint as authorization.
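
The introspection option from the answer above, sketched in Python as an added example (not part of the original thread or Okta's own code): the microservice posts the token to the org authorization server's `/oauth2/v1/introspect` endpoint and fails closed on the result. Assumptions: the org URL is a placeholder, the app authenticates with a client ID and secret over HTTP Basic, the helper names are hypothetical, and the sample responses are constructed.

```python
import base64
import json
import urllib.parse
import urllib.request

OKTA_DOMAIN = "https://example.okta.com"  # placeholder org URL (assumption)

def build_introspect_request(token, client_id, client_secret, domain=OKTA_DOMAIN):
    """Build the RFC 7662 POST for the org authorization server."""
    body = urllib.parse.urlencode(
        {"token": token, "token_type_hint": "access_token"}).encode()
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(
        f"{domain}/oauth2/v1/introspect", data=body, method="POST",
        headers={"Authorization": f"Basic {basic}",
                 "Content-Type": "application/x-www-form-urlencoded",
                 "Accept": "application/json"})

def introspect(token, client_id, client_secret, domain=OKTA_DOMAIN):
    """Send the request and return the parsed JSON (needs network access)."""
    req = build_introspect_request(token, client_id, client_secret, domain)
    with urllib.request.urlopen(req, timeout=5) as resp:
        return json.load(resp)

def authorize(introspection, required_scopes, expected_client_id=None):
    """Decide from the introspection JSON whether to serve the request."""
    # Fail closed: anything other than a literal true is treated as a 401.
    if introspection.get("active") is not True:
        return False, "token inactive, expired, revoked or unknown"
    # Optionally pin the client the token was issued to.
    if expected_client_id and introspection.get("client_id") != expected_client_id:
        return False, "token was issued to a different client"
    # "scope" is a space-separated string in the introspection response.
    granted = set(introspection.get("scope", "").split())
    missing = set(required_scopes) - granted
    if missing:
        return False, "missing scopes: " + " ".join(sorted(missing))
    return True, "ok"

# Constructed sample responses, not captured from a real org.
SAMPLE_ACTIVE = {"active": True, "client_id": "0oaEXAMPLE",
                 "scope": "okta.users.manage okta.groups.manage"}
SAMPLE_INACTIVE = {"active": False}

if __name__ == "__main__":
    print(authorize(SAMPLE_ACTIVE, ["okta.users.manage"]))
    print(authorize(SAMPLE_INACTIVE, ["okta.users.manage"]))
```

Each call to `introspect` is a round trip to Okta, so a resource server that takes this route usually caches a positive result for a short time, never past the `exp` value in the response.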

Hi @andrea.
Thank you for your clarification!
