Get User API is giving invalid token error

Questions OAuth/OIDC
1

Get User API is giving invalid token error

We are using below endpoint to get access token
username and password is clientID and secret
In body we are passing Grant_type as client_credentials and scope as ‘ABC’
We are getting access token

https://XXX.oktapreview.com/oauth2/default/v1/token

We are using below endpoint to get user list using the access token we got above
https://XXX.oktapreview.com/api/v1/users/

We are passing Authorization header as SSWS $accesstoken but we are getting below error

{
“errorCode”: “E0000011”,
“errorSummary”: “Invalid token provided”,
“errorLink”: “E0000011”,
“errorId”: “oaeXALA1nIbQ6iJI-hIepJCBw”,
“errorCauses”:
}

Can you please suggest if we are passing correct parameters

2

Few things for this one

  1. If you want to use OAuth Access Tokens to authorize calls to Okta’s APIs, they must be issued by the Org Authorization server (https://XXX.oktapreview.com/oauth2/v1/token)
  2. You must enable (in the Application configuration on the Okta admin console) and request (in your /token call) the appropriate Okta API scope for the method/endpoint. In this case, you need okta.users.read
  3. If you do get a valid Access Token back from the Org AS with the appropriate scopes, you will need to send it as Authorization: Bearer instead of SSWS. SSWS is only used for API tokens
  4. In order to use a Service App and Client Credentials flow with the Org AS to get tokens that you can use against Okta’s own management endpoints, you need to configure the app to use private key JWT auth.

I recommend following this guide that shows you how to set all this up so you can use a Service app to get OAuth Access Tokens that can interact with Okta’s endpoints: Implement OAuth for Okta with a service app | Okta Developer

3

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.