When i try to fire a request through Postman, I get following response
{
“error”: “invalid_client”,
“error_description”: “Invalid value for ‘client_id’ parameter.”
}
Please find following screenshot with request parameters:
Need your help to get this done and additionally I need to make this request silently within from PCL solution on Xamarin.Native (Xamarin.iOS & Xamarin.Android) project.
Regarding the error that you are seeing, the authorization header should contain the client_id and client_secret instead of username and password. Also, when sending this header, the client_id should not be present.
FYI I don’t have client_secret as because I am using PKCE. In this case to call /token (to get refreshed AccessToken) request I need to send client_assertion and client_assertion_type, right?
That is correct, you need client_assertion and client_assertion_type. From what I see in the script, you are missing the refresh_token from the body of the request.
Here is a cURL example to refresh the access token when using authorization code flow with PKCE
curl -X POST https://org.okta.com/oauth2/v1/token
-H ‘Accept: application/json’
-d ‘grant_type=refresh_token&redirect_uri=REDIRECT_URI&scope=openid%20profile&refresh_token=REFRESH_TOKEN&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer&client_assertion=CLIENT_ASSERTION’
It seems client credentials are expected through authorization header, I tried adding that then failure reason changed to token_request_missing_grant_type whereas grant_type is set to refresh_token.
In short, currently I am getting UnAuthorized based on your last response, you can validate my CLIENT_ASSERTION whether it is as expected or not.
Can you please send an email to developers@okta.com in order to have this further investigated? Through a support ticket, we can review also the server logs and narrow down the issue easier.
