I created a Service Application in my Okta account using the documents found here:
https://developer.okta.com/docs/guides/implement-client-creds/setup-app/
I moved on to the next page in the sequence and set up custom scopes according to the linked document.
At this point I expected to be able to get a token from the /v1/token API endpoint on my auth server based on these instructions:
https://developer.okta.com/docs/guides/implement-client-creds/use-flow/
curl -Ssi \
--request POST \
--url "${OKTA_AUTH_URL}/v1/token" \
--header 'accept: application/json' \
--header "authorization: Basic ${OKTA_CLIENT_ID}:${OKTA_CLIENT_SECRET}" \
--header 'cache-control: no-cache' \
--header 'content-type: application/x-www-form-urlencoded' \
--data "grant_type=client_credentials&scope=${custom_scope}"
I have reviewed the values in OKTA_AUTH_URL, OKTA_CLIENT_ID, and OKTA_CLIENT_SECRET and cross-checked them with what I have in the admin console.
I received a 400 response with the following body payload in JSON:
{"errorCode":"invalid_client","errorSummary":"Invalid value for 'client_id' parameter.","errorLink":"invalid_client","errorId":"oaelOm9cjrJRmCCH_7VIo-IaA","errorCauses":[]}
My questions:
- Is it apparent what I am doing wrong from the above description?
- What should I check in my authorization server setup?
- Is there anything I could have missed in my access policy or rules setup attaching the service client/application in the auth server I am hitting?
- Is there a way I can look up the errorId in the error message in my admin interface for more tracing capability?
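The following is an added example, not part of the original post and not code from Okta's documentation. It shows how the Authorization header for the client_credentials request has to be formed: HTTP Basic authentication (RFC 7617) carries base64(client_id ":" client_secret), not the raw "id:secret" string, so the token endpoint cannot recover a client_id from a header of the form shown in the post. The script builds that header, writes the whole request as a curl config file so the secret is not placed on the curl command line (where `ps` would show it), and extracts errorCode from a response body without needing jq. The environment variable names OKTA_AUTH_URL, OKTA_CLIENT_ID and OKTA_CLIENT_SECRET are taken from the post; the sample error body and the example scope are constructed here.

```shell
#!/bin/sh
# Added example: correctly formed client_credentials token request for the
# Okta /v1/token endpoint. Not code from the original post or from Okta.
set -eu

# basic_auth_header ID SECRET -> prints "Basic <base64(ID:SECRET)>".
# printf '%s' avoids encoding a trailing newline into the credential;
# tr strips the line wrapping that GNU base64 inserts every 76 characters.
basic_auth_header() {
    printf 'Basic %s' "$(printf '%s:%s' "$1" "$2" | base64 | tr -d '\n')"
}

# token_curl_config AUTH_URL ID SECRET SCOPE -> prints a curl config file.
# Feed it to `curl -K -` (read config from stdin): the secret then never
# appears as a command-line argument, and curl url-encodes the scope itself.
token_curl_config() {
    auth_url=$1; client_id=$2; client_secret=$3; scope=$4
    printf 'url = "%s/v1/token"\n' "$auth_url"
    printf 'request = "POST"\n'
    printf 'header = "accept: application/json"\n'
    printf 'header = "content-type: application/x-www-form-urlencoded"\n'
    printf 'header = "authorization: %s"\n' \
        "$(basic_auth_header "$client_id" "$client_secret")"
    printf 'data = "grant_type=client_credentials"\n'
    printf 'data-urlencode = "scope=%s"\n' "$scope"
}

# request_token SCOPE -> performs the call using the post's variable names.
# With `set -u` an unset variable aborts the script instead of sending an
# empty client_id. Not invoked below, so this file stays offline when sourced.
request_token() {
    token_curl_config "$OKTA_AUTH_URL" "$OKTA_CLIENT_ID" "$OKTA_CLIENT_SECRET" "$1" \
        | curl -sS -K -
}

# error_code JSON -> prints the value of "errorCode", or nothing if absent.
# Enough for a shell health check without depending on jq.
error_code() {
    printf '%s' "$1" | sed -n 's/.*"errorCode":"\([^"]*\)".*/\1/p'
}

# Constructed sample body in the shape of the 400 response quoted in the post.
SAMPLE_ERROR='{"errorCode":"invalid_client","errorSummary":"Invalid value for client_id parameter.","errorCauses":[]}'

# Usage (after exporting the three OKTA_* variables):
#   request_token "my.custom.scope"
# Inspect the generated request first with:
#   token_curl_config "$OKTA_AUTH_URL" "$OKTA_CLIENT_ID" "$OKTA_CLIENT_SECRET" "my.custom.scope"
```

A quick self-check is to decode the header you are about to send: `printf '%s' "$(basic_auth_header "$OKTA_CLIENT_ID" "$OKTA_CLIENT_SECRET")" | cut -d' ' -f2 | base64 -d` must print exactly `client_id:client_secret` with no surrounding whitespace or newline. If the encoded header is right and the endpoint still answers invalid_client, the remaining things to compare are the authorization server named in OKTA_AUTH_URL (the client must be assigned to that server's access policy) and whether the client was created as a service application using client_secret_basic rather than client_secret_post.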