How to access okta api on behalf of the authenticated user

I have an app where a user logs in with openid connect via okta.
How can I access okta api on behalf of the logged in user.
Thanks in advance.

You can choose which Okta API scopes to grant and then request those scopes in the /authorize request. Then you make requests to the Okta API on behalf of the user using the access token.

So I need to get a second access token ?
I can’t seem to be able to add the scopes to the openid access token.

You need to grant the Okta API scopes on the Okta app settings before you can request the scopes in the /authorize request.