I got am access token using Oauth2 method in Okta platform. Now, try to get the user details using API but it’s not working. I add the the access token in request header too. If I do any scope related issue, please let me know how to provide the scope in request.
API URL: https://dev-52063794.okta.com/api/v1/users
Header:
Content-Type:application/json
Authorization:Bearer {{access_token}}
Note: I get the access_token using default authorization server.
Error: 401 unauthorized
Did you follow our guide for setting up an app to use for OAuth for Okta?
Have you enabled/requested the ‘okta.users.read.self’ scope for these tokens (for a web/spa/native app where the user is issued the token directly) or the ‘okta.users.read’ scope if the token is issued to a service app?
If you make a request to /api/v1/users/me with the token, does the call succeed or fail?
Hai Andrea,
I provide the scope for my client app or service app to access the user details. I attach the screenshot for further clarification please check that 
Then, I tried with /api/v1/users/me URL in request, provide 401 error.
Can you ensure that when you request these tokens, you are using the Org authorization server (https://org.okta.com/oauth2/v1/authorize and https://org.okta.com/oauth2/v1/token) and not any of the custom servers (including the one confusingly called ‘default’)?
Default means, default custom authorization server.
My question is, “I successfully got the access token using oauth method, then I tried to get the user details using this access token in /users API that’s not working”.
Then you will need to instead request tokens from the Org authorization server. Only tokens issued by the org server, and not any of the custom servers, can be used against the Okta resource endpoints, like /users. See the note in our OAuth for Okta guide.
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.
