How to implement access_token generation via rest api


#1

Hi,

I am finishing migrating our code from Stormpath, but am having a problem with generating an access token as I had done previously. As far as I can tell, I should be able to call oauth2/v1/authorize with a sessionToken retrieved from the authn API. The problem is that no matter what I’m entering I get a 404 currently.

Here is what my longest string looks like - any help would be appreciated:

https://MYORG.oktapreview.com/oauth2/v1/authorize?response_type=token&client_id=MYCLIENTID&scope=offline_access&response_mode=query&sessionToken=MYSESSIONTOKEN&state=foo&nonce=bar

Note that in Stormpath I could just make a call and get the token back. I realize that I might need to parse some data that isn’t json, but that’s fine with me…how do I do this? I’ve spent quite a bit of time on this already and feel like I’m running in circles.

Thanks,
Justin

*I have looked at the other questions based on this, but they have not proven to be helpful.


#2

Per this response I should use the token api, and not authorize since I am doing this all in backend. The problem is that I have tried that one also, and cannot authenticate. If I use SSWS and pass in client_id then I’m still prompted for a username/password (which still doesn’t seem to work):

POST /oauth2/v1/token HTTP/1.1
Host: MYORG.oktapreview.com
Authorization: SSWS MYTOKEN
Accept: application/json
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache

grant_type=password&username=URLENCODEDUSER&password=PASSWORD&scope=[offline_access]&client_id=MYCLIENTID&client_secret=MYCLIENTSECRET

And if I try to remove client_id and secret, Base64ing MYCLIENTID:MYCLIENTSECRET and using Basic BASE64OUTPUT then I get an automatic failure


#3

JustinPihony, Did you ever get this to work? I’m struggling with the same. Thanks!


#4

Hi @mort

Yes I was able to solve it in my case by setting the Access Policy to “All Clients”. If you need specifics let me know.

-Justin