Getting 400 without any error body while calling the api/v1/users endpoint post successful login

I have an Okta SPA application which I’m trying to integrate with my ReactJS application. Following is the configuration:


Scopes:

I’m able to successfully log in and able to fetch the token, but when with that token I make a call to the api/v1/users endpoint, I end up getting a 400 error without any Response Body.

Following is my OktaConfig

image

Could someone please help, I’m stuck at this.

First thing, make sure you are using Access Tokens returned by the Org Authorization Server if you are sending them to Okta’s APIs as auth, as discussed in our articles about OAuth for Okta here: Implement OAuth for Okta | Okta Developer

You will also want to ensure that, when this token is requested, you are requesting the scopes necessary to authorize the call. In this case, you need to request the okta.users.read scope.

Yes, I’m passing accessToken as you can see in my screenshots. okta.users.read is also granted on the portal. I tried adding it in scopes: ['openid', 'profile', 'email', 'okta.users.read'] but got an error saying “One or more scopes are not configured for the authorization server resource.”

In that case, the problem is that you are using the wrong authorization server.

Can you try updating your issuer to https://subdomain.okta.com (removing “/oauth2/default” from the current value) and add back the okta.users.read to your list of scopes?

The only other thing I want to add/remark on is that the user that received the token MUST be an admin with sufficient admin permissions to read users for this call to succeed.
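The issuer and scope mismatch discussed in this thread can be caught before any token is requested. The following is an added example, not code from the thread or from Okta; `checkOktaApiConfig` is a hypothetical helper, and it assumes a config object with `issuer` and `scopes` fields and the placeholder org URL used above.

```javascript
// Lint a SPA auth config intended to obtain tokens for Okta's own APIs
// (such as /api/v1/users). Returns a list of problems; empty means OK.
function checkOktaApiConfig(config, requiredScopes = ['okta.users.read']) {
  let url;
  try {
    url = new URL(config.issuer);
  } catch {
    return [`issuer is not a valid URL: ${config.issuer}`];
  }
  const problems = [];
  if (url.protocol !== 'https:') {
    problems.push('issuer must use https');
  }
  // Custom authorization servers use an issuer of the form /oauth2/<id>;
  // the org authorization server's issuer is the bare org URL.
  const path = url.pathname.replace(/\/+$/, '');
  if (/^\/oauth2\/[^/]+$/.test(path)) {
    problems.push(
      `issuer points at a custom authorization server (${path}); ` +
      'okta.* API scopes are only issued by the org authorization server'
    );
  } else if (path !== '') {
    problems.push(`unexpected issuer path: ${path}`);
  }
  const granted = new Set(config.scopes || []);
  for (const scope of requiredScopes) {
    if (!granted.has(scope)) problems.push(`missing scope: ${scope}`);
  }
  return problems;
}

// Constructed sample configs mirroring the thread: the original setup
// and the setup after the suggested change.
const beforeFix = {
  issuer: 'https://subdomain.okta.com/oauth2/default',
  scopes: ['openid', 'profile', 'email'],
};
const afterFix = {
  issuer: 'https://subdomain.okta.com',
  scopes: ['openid', 'profile', 'email', 'okta.users.read'],
};

console.log(checkOktaApiConfig(beforeFix));
console.log(checkOktaApiConfig(afterFix));
```

A clean result only covers the client configuration; the signed-in user's admin permissions are still checked by Okta when the API call is made.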
