How to get the access_token of a user using postman

I’m a very new okta service.
I played around postman collections to get the access_token.
I believe the following endpoint is to get the access_token,

endpoint: {{url}}/oauth2/default/v1/token
request: POST
grant_type: authorization_code,
redirect_uri: http%3A%2F%2Flocalhost%3A9999,
code: {{code}}
Username: {{clientId}},
Password: {{clientSecret}}

I’ve no idea what to pass it to code parameter.

Later I found an endpoint to get the code,
endpoint: {{url}}/oauth2/v1/authorize?client_id={{clientId}}&response_type=code&response_mode=query&scope={{scopes}}&redirect_uri={{redirectUri}}&state={{state}}&nonce={{nonce}}

Again I’m confused in the state and nonce parameters.

Can someone help me here?
Thanks in advance.

You need to get an idea of how OIDC flows work. To be able to get an access token you need first an application created, which will send a user (or user credentials) to Okta for authentication first. And then depending on a flow selected, it can either return a token back, or authorization code.

state is random value your application sends to authz server and expect it to return back the same value, so it to protect/save the state of the application. Nonce is just a random value sent by the application. authz server checks it to prevent replay attacks.

1 Like