How do I get organization details after getting access tokens with client_credentials grant flow

I am currently trying to fetch organization details with access tokens gotten using the client_credentials flow.

I am currently trying to do this using the /api/v1/org endpoint but I am getting a 403 unauthorized error.

const response = await axios.get(`${org_domain}/api/v1/org`, {
  headers: {
    Authorization: `Bearer ${data.access_token}`,
  },
});

How did you generate the Access Token you are using? Did you follow our guide for OAuth for Okta for Service apps?

Per our API docs, the required Okta API Scope for this endpoint is okta.orgs.read. If you did follow the above guide to set up a Service App, have you granted this scope to said application and then requested this scope when you requested an Access Token from Okta?

I will note that the okta.orgs.read and okta.orgs.manage scopes are currently unavailable to enable within the Admin UI, so if your API Service app is not currently allowed to use this scope, you will need to enable it. Here’s the request you’ll need to complete: Grant consent to scope | Application Grants API | Okta Developer
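A diagnostic for the scope check described in the reply above, as an added example that is not part of the original thread or of Okta's code: it compares the scopes an access token actually carries with the scope the endpoint requires. The function names are hypothetical, the sample token is constructed, and reading scopes from an array-valued `scp` claim is an assumption about the token format.

```javascript
// Added example: explain a 403 from an Okta API call by listing the required
// scopes that the access token does not carry.
// The payload is decoded WITHOUT signature verification: this only inspects a
// token your own client just received and must never drive authorization.

// Decode the payload (second segment) of a JWT access token.
function decodeJwtPayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a JWT (expected 3 segments)');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Scopes granted to the token: the `scp` claim when the token is a decodable
// JWT (assumed to be an array), otherwise the space-delimited `scope` field
// of the token response (RFC 6749).
function grantedScopes(tokenResponse) {
  try {
    const scp = decodeJwtPayload(tokenResponse.access_token).scp;
    if (Array.isArray(scp)) return new Set(scp);
  } catch (_) { /* opaque or malformed token: fall back to the response field */ }
  return new Set((tokenResponse.scope || '').split(/\s+/).filter(Boolean));
}

// Return the required scopes that the token does not carry.
function missingScopes(tokenResponse, required) {
  const granted = grantedScopes(tokenResponse);
  return required.filter((s) => !granted.has(s));
}

// Constructed sample: an unsigned token carrying two scopes, without
// okta.orgs.read.
function makeSampleToken(scp) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  return `${enc({ alg: 'none' })}.${enc({ scp })}.sig`;
}

const sample = {
  access_token: makeSampleToken(['okta.apps.read', 'okta.users.read']),
  scope: 'okta.apps.read okta.users.read',
};
console.log(missingScopes(sample, ['okta.orgs.read'])); // [ 'okta.orgs.read' ]
```

Running this against the token response before calling `/api/v1/org` separates "scope was never granted or requested" from other causes of a 403.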

This is how the token was generated using the client_credentials grant

const params = new URLSearchParams();
params.append('grant_type', 'client_credentials');
params.append(
  'scope',
  'okta.apps.read okta.groups.read okta.groups.manage okta.reports.read okta.myAccount.organization.read okta.users.manage okta.users.read okta.logs.read okta.events.read okta.eventHooks.manage',
);

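try {
  const { data } = await axios
    .post(tokenUrl, params, {
      headers: {
        // Client authentication: HTTP Basic with client_id:client_secret
        Authorization:
          'Basic ' +
          Buffer.from(client_id + ':' + client_secret).toString('base64'),
        'Content-Type': 'application/x-www-form-urlencoded',
        Accept: 'application/json',
      },
    })
    .catch((err) => {
      // err.response is undefined on network errors, so fall back to the message
      console.log(err.response?.data ?? err.message);
      throw AppErrHandler.handleError('ERROR_GETTING_ACCESS_TOKENS');
    });
} catch (err) {
  // The .catch above has already logged and wrapped the error; propagate it
  throw err;
}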

The client_id and client_secret were gotten from an Okta OIN App.

I added the okta.orgs.manage and the okta.orgs.manage scopes but I get the response below when I try to authorize the OIN:

An error occurred while authorizing the API Service Integration. 
Api validation failed: grantedScopes
"grantedScopes: 'grantedScopes' is invalid. Valid values: [okta.apps.read, okta.users.manage, okta.users.read, okta.orgs.manage, okta.logs.read, okta.myAccount.organization.read, okta.groups.read, okta.eventHooks.manage, okta.reports.read, okta.events.read, okta.groups.manage]

It works fine when I remove the okta.orgs.manage and the okta.orgs.manage scopes.


Ah, this is for an OIN API Service Application? Based on what I see in your screenshot, it doesn’t look like this integration is allowed to use the okta.orgs.manage scope.

Is this for an existing OIN integration, or are you working on creating and submitting an integration to our OIN?

I am working on creating and submitting an integration.

You said the integration is not allowed to use the okta.orgs.manage scope. Do I have to set this up as well? And if so, how do I go about it?
