We have created an application in Okta, and now we need to use its ClientID and ClientSecret to obtain a token and continue working, for example, with the UserApi from the Okta.SDK .net.
Is it possible?
Thank you in advance.
Hello,
If I understand correctly you want to get an access_token from the application you registered in Okta in Order to make management calls against the Okta Management API using that acces_token instead of an API Token?
If the above is correct then you can do this using a service App.
Follow this guide to setup the application in Okta,
Then configure the Okta.SDK to use the private key to create a JWT in order to exchange for an access_token. See below,
Thank you! That works. But can we achieve the same using ClientId and ClientSecret?
I tried to obtain a token using the following method (I couldn’t find how to do it in the SDK either, so I tried using POSTMAN):
/oauth2/default/v1/token?client_id=0oa5lyf9i8Z1ApXSt697&client_secret=v2lltSEQqFl0QydfRAHDmW7jEpvLP0hJ_paIaV5B&grant_type=client_credentials&scope=okta.users.manage
However, if I specify the scopes from Okta API Scopes, it doesn’t work.
But if I specify scopes from Authorization Servers, I do receive a Bearer token. But when I use it to call an API, for example:
/api/v1/users/{userId}
I receive a 400 error.
Only the Okta Org Authorization Server can mint access_tokens with okta.* scopes.
Your call is using the ‘default’ custom authorization server (/oauth2/default/v1/token)
For the .NET management SDK to obtain an access_token to use for management calls the SDK needs to do the client_credentials flow with a JWT, using a client_id/client_secret combination will not work for this use case.
1 Like