Getting JWT token through Postman fails

Hello! I am trying to obtain a JWT token through Postman to test all of my endpoints. I followed this guide, "Using Postman Automation to Test API Endpoints Protected by Okta's PKCE Flow" (DEV Community), but after checking everything a few times it still fails at the second request (a 200 code is being returned while the expected is 302). Here is my second request URL:

{{oktaUrl}}/oauth2/default/v1/authorize?client_id={{oktaClientId}}&code_challenge={{codeChallenge}}&code_challenge_method=S256&redirect_uri={{redirectUri}}&response_code=code&sessionToken={{sessionToken}}&state=state&nonce=nonce&scope=openid

and response:

<!doctype html>
<html lang="en">

<head>
	<meta charset="utf-8" />
	<link rel="icon" href="/favicon.ico" />
	<meta name="viewport" content="width=device-width, initial-scale=1" />
	<meta name="theme-color" content="#000000" />
	<meta name="description" content="Web site created using create-react-app" />
	<link rel="apple-touch-icon" href="/logo192.png" />
	<!--
      manifest.json provides metadata used when your web app is installed on a
      user's mobile device or desktop. See https://developers.google.com/web/fundamentals/web-app-manifest/
    -->
	<link rel="manifest" href="/manifest.json" />
	<!--
      Notice the use of  in the tags above.
      It will be replaced with the URL of the `public` folder during the build.
      Only files inside the `public` folder can be referenced from the HTML.

      Unlike "/favicon.ico" or "favicon.ico", "/favicon.ico" will
      work correctly both with client-side routing and a non-root public URL.
      Learn how to configure a non-root public URL by running `npm run build`.
    -->
	<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet"
		integrity="sha384-T3c6CoIi6uLrA9TneNEoa7RxnatzjcDSCmG1MXxSR1GAsXEV/Dwwykc2MPK8M2HN" crossorigin="anonymous" />
	<title>React App</title>
	<script defer src="/static/js/bundle.js"></script>
</head>

<body>
	<noscript>You need to enable JavaScript to run this app.</noscript>
	<div id="root"></div>
	<!--
      This HTML file is a template.
      If you open it directly in the browser, you will see an empty page.

      You can add webfonts, meta tags, or analytics to this file.
      The build step will place the bundled scripts into the <body> tag.

      To begin the development, run `npm start` or `yarn start`.
      To create a production bundle, use `npm run build` or `yarn build`.
    -->
	<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js"
		integrity="sha384-C6RzsynM9kWDrMNeT87bh95OGNyZPhcTNXj1NW7RuBCsyN/o0jlpcV8Qyq46cDfL" crossorigin="anonymous">
	</script>
</body>

</html>

If you are seeing a 200 come back from an /authorize request, that means the user still needs to authenticate and Okta is trying to render the login screen.

Are you making an /authn call first and then sending the resulting sessionToken along to /authorize? If so, does the app in question have its own Authentication Policy that requires the user to verify an additional factor or reauthenticate?
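
The flow discussed in this thread depends on the exact query string sent to /authorize. As an added example (not code from the thread or the linked guide), this Node.js script generates a PKCE pair per RFC 7636 and lints an /authorize URL for the parameters that RFC 6749 and RFC 7636 require. The function names are hypothetical, and unresolved Postman `{{variables}}` are accepted as values.

```javascript
// Added example (not from the thread): PKCE helper plus a lint for /authorize query strings.
const crypto = require('node:crypto');

// RFC 7636 uses base64url without '=' padding.
function base64url(buf) {
  return buf.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// code_verifier: 32 random bytes -> 43 chars; code_challenge = BASE64URL(SHA256(verifier)).
function makePkcePair(verifier = base64url(crypto.randomBytes(32))) {
  const challenge = base64url(crypto.createHash('sha256').update(verifier, 'ascii').digest());
  return { verifier, challenge };
}

// Required by RFC 6749 section 4.1.1 (first two) and RFC 7636 section 4.3 (last).
const REQUIRED = ['response_type', 'client_id', 'code_challenge'];
const isTemplate = (v) => /^\{\{.*\}\}$/.test(v); // unresolved Postman variable

function lintAuthorizeUrl(url) {
  // Parse only the query string so URLs with an unresolved {{host}} still work.
  const params = new URLSearchParams(url.slice(url.indexOf('?') + 1));
  const problems = [];
  for (const name of REQUIRED) {
    if (!params.get(name)) problems.push(`missing ${name}`);
  }
  const type = params.get('response_type');
  if (type && !isTemplate(type) && type !== 'code') {
    problems.push(`response_type is "${type}", expected "code"`);
  }
  if (params.get('code_challenge_method') !== 'S256') {
    problems.push('code_challenge_method is not S256');
  }
  const challenge = params.get('code_challenge');
  if (challenge && !isTemplate(challenge) && !/^[A-Za-z0-9_-]{43}$/.test(challenge)) {
    problems.push('code_challenge is not a 43-character base64url SHA-256 digest');
  }
  return problems;
}
```

Pasting the request URL from the question into `lintAuthorizeUrl` returns `missing response_type`, because the query string carries `response_code=code` instead.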
