We have created an application in Okta, and now we need to use its ClientID and ClientSecret to obtain a token and continue working, for example, with the UserApi from the Okta.SDK .net.
Is it possible?
Thank you in advance.
Hello,
If I understand correctly, you want to get an access_token from the application you registered in Okta in order to make management calls against the Okta Management API using that access_token instead of an API Token?
If the above is correct, then you can do this using a service app.
Follow this guide to set up the application in Okta,
Then configure the Okta.SDK to use the private key to create a JWT in order to exchange for an access_token. See below,
Thank you! That works. But can we achieve the same using ClientId and ClientSecret?
I tried to obtain a token using the following method (I couldn’t find how to do it in the SDK either, so I tried using POSTMAN):
/oauth2/default/v1/token?client_id=0oa5lyf9i8Z1ApXSt697&client_secret=v2lltSEQqFl0QydfRAHDmW7jEpvLP0hJ_paIaV5B&grant_type=client_credentials&scope=okta.users.manage
However, if I specify the scopes from Okta API Scopes, it doesn’t work.
But if I specify scopes from Authorization Servers, I do receive a Bearer token. But when I use it to call an API, for example:
/api/v1/users/{userId}
I receive a 400 error.
Only the Okta Org Authorization Server can mint access_tokens with okta.* scopes.
Your call is using the ‘default’ custom authorization server (/oauth2/default/v1/token)
For the .NET management SDK to obtain an access_token to use for management calls, the SDK needs to do the client_credentials flow with a JWT; using a client_id/client_secret combination will not work for this use case.
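The two points from the last reply, as an added example that is not part of the thread or of the Okta SDK: a pre-flight check that flags a token request like the one posted above, and the form for the org authorization server request using a signed JWT client assertion. The function names, the finding labels, the `example.okta.com` domain and the `sign` callable (any JWT library signing with the service app's private key) are assumptions for illustration.

```python
import re
import time
import uuid
from urllib.parse import parse_qs, urlsplit

ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"

def check_token_request(url):
    """List the reasons a client_credentials request cannot yield okta.* scopes."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    scopes = " ".join(query.get("scope", [])).split()
    okta_scopes = [s for s in scopes if s.startswith("okta.")]
    findings = []
    # /oauth2/{id}/v1/token is a custom authorization server ("default" included).
    custom = re.fullmatch(r"/oauth2/([^/]+)/v1/token", parts.path)
    if custom and okta_scopes:
        findings.append(f"custom-server:{custom.group(1)}")
    # okta.* scopes need a JWT client assertion, not client_id/client_secret.
    if okta_scopes and "client_assertion" not in query:
        findings.append("no-jwt-assertion")
    # Secrets in a URL end up in proxy and server logs.
    if "client_secret" in query:
        findings.append("secret-in-url")
    return findings

def build_org_request(okta_domain, client_id, scopes, sign, now=None):
    """Build the org authorization server request; `sign` turns claims into a JWT."""
    token_url = f"https://{okta_domain}/oauth2/v1/token"
    now = int(now if now is not None else time.time())
    claims = {
        "iss": client_id, "sub": client_id,  # the service app identifies itself
        "aud": token_url,                     # audience is the org token endpoint
        "iat": now, "exp": now + 300,         # short-lived assertion
        "jti": str(uuid.uuid4()),             # unique id per assertion
    }
    form = {  # sent as the form-encoded POST body, not in the query string
        "grant_type": "client_credentials",
        "scope": " ".join(scopes),
        "client_assertion_type": ASSERTION_TYPE,
        "client_assertion": sign(claims),
    }
    return token_url, form
```
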