Getting 401 after using access token

Hi all,

I have created a Service Application in Okta and a custom authorization server.
I also created a custom scope for the authorization server.

Later I generated a client assertion using the following code snippet:

I used the client assertion generated from the above snippet to generate an access token. Please refer to the following screen for the Postman request:

I used the access token received from the above request and performed a REST request to get all the users.

I am getting 401 error.
Can anyone please let me know how to resolve this?

Note: I also tried to enter scope=okta.users.read while requesting the token. The error received was: “One or more scopes are not configured for the authorization server resource.” Therefore changed the scope to “custom” and retrieved the access token.

Regards,
Gourav

Hi gourav, it looks like you’re using OAuth for Okta API with a custom authorization server but the Okta API scopes are not available for custom authorization servers.

According to "Implement OAuth for Okta" (Okta Developer):

Only the Org Authorization Server can mint access tokens that contain Okta API scopes.

Apologies for the delay in reply Warren.

Just to confirm, is the following statement still true :

“Only the Org Authorization Server can mint access tokens that contain Okta API scopes.”

Though the linked documentation still says that, I would be glad if you could confirm once.

Hi @gourav

Yes, you will need to use the Org Authorization Server in order to generate access tokens with Okta API scopes.

1 Like
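A quick way to triage the 401 discussed in this thread is to look at which authorization server issued the token. The script below is an added example, not code from any poster or from Okta; it assumes the access token is a JWT whose `iss` claim is the bare org URL for the Org Authorization Server and `https://{yourOktaDomain}/oauth2/{id}` for a custom one, with scopes in an `scp` claim. The sample tokens and the domain `example.okta.com` are constructed.

```python
import base64
import json
from urllib.parse import urlparse


def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (triage only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def issuer_kind(iss):
    """Classify the issuer as 'org', 'custom' or 'unknown' (assumed layout)."""
    parsed = urlparse(iss)
    if not parsed.netloc:
        return "unknown"
    segments = [s for s in parsed.path.split("/") if s]
    if not segments:
        return "org"       # https://{yourOktaDomain}
    if len(segments) == 2 and segments[0] == "oauth2":
        return "custom"    # https://{yourOktaDomain}/oauth2/{id}
    return "unknown"


def diagnose(token):
    """Return (issuer kind, Okta API scopes found, usable for the Okta API)."""
    claims = jwt_claims(token)
    kind = issuer_kind(claims.get("iss", ""))
    scp = claims.get("scp", [])
    if isinstance(scp, str):
        scp = scp.split()
    api_scopes = [s for s in scp if s.startswith("okta.")]
    return kind, api_scopes, kind == "org" and bool(api_scopes)


def sample_token(claims):
    """Build an unsigned, constructed JWT-shaped string for the demo."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "constructed-sig"])


if __name__ == "__main__":
    custom = sample_token({"iss": "https://example.okta.com/oauth2/ausCONSTRUCTED",
                           "scp": ["custom"]})
    print(diagnose(custom))  # token like the one in the original question
```

A result of `('custom', [], False)` matches the situation in the question: the token came from a custom authorization server and carries no `okta.*` scope, so the Okta API rejects it.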

Hi @dragos: When is Okta planning to support the client credentials grant flow with a custom authorization server? It will help us to plan accordingly.
