I don’t know if I’m doing something wrong but I have created an oauth2 token, and I have given the following scopes:
okta.clients.read
okta.users.manage
okta.users.read
I have the access token, via /token and I have checked that it is correctly activated with introspect.
My question is how to make requests with this api, I am for example making the following request:
https://{{myorg}}.oktapreview.com/api/v1/users?limit=25
and in the header, instead of ssws, I have Bearer {{accessToken}}.
However, with Postman I can make the request with ssws, but I can’t do it with the OAuth access token; I get error 400 bad request.
Okta silently downscopes the request, which means it returns all the requested scopes in the token, but the token will not work if the endpoint requires that particular scope.
What are the admin permissions for the user making the request? Remember that any resource that requires an admin API token be used to access it (like listing all users) will also have the same admin permission requirement if using an OAuth token to authorize the request.
If you log in as a super admin, does the request work?
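A small diagnostic for the situation described in the question and the reply above, added here as an example and not code from either poster or from Okta: it decodes the access token's claims (without verifying the signature, inspection only), checks whether the `scp` claim actually carries the scope the management endpoint requires, and builds the `Authorization: Bearer` header for the `/api/v1/users` call. The token below is a constructed sample with a placeholder signature, and the `REQUIRED_SCOPES` mapping is an assumption taken from the two scopes named in the thread (`okta.users.read` for listing users, `okta.users.manage` for creating them); the admin-role requirement the reply mentions is not visible in the token and still has to be checked in the admin console.

```python
import base64
import json
import urllib.error
import urllib.request

# Assumed mapping of management endpoints to the scope they require; only the
# two scopes discussed in the thread are covered here.
REQUIRED_SCOPES = {
    ("GET", "/api/v1/users"): {"okta.users.read"},
    ("POST", "/api/v1/users"): {"okta.users.manage"},
}


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_token(scopes: list[str]) -> str:
    """Build a constructed, unsigned-looking JWT carrying the given scopes.

    Only used to exercise the checks below offline; a real Okta token comes
    from the /token endpoint and has a real signature.
    """
    header = _b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps({"scp": scopes, "iss": "https://{{myorg}}.oktapreview.com"}).encode())
    return f"{header}.{payload}.PLACEHOLDER_SIGNATURE"


def decode_jwt_claims(token: str) -> dict:
    """Return the payload claims of a compact JWT without verifying it."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))


def missing_scopes(token: str, method: str, path: str) -> set[str]:
    """Scopes the endpoint needs that the token's scp claim does not grant.

    An empty set means the scope check passes; a 400/403 at that point is
    more likely the admin-role requirement than a missing scope.
    """
    granted = set(decode_jwt_claims(token).get("scp", []))
    required = REQUIRED_SCOPES.get((method.upper(), path), set())
    return required - granted


def auth_header(token: str) -> dict[str, str]:
    """OAuth tokens use the Bearer scheme, not the SSWS scheme of API tokens."""
    return {"Authorization": f"Bearer {token}", "Accept": "application/json"}


def list_users(org_url: str, token: str, limit: int = 25) -> list:
    """Call GET /api/v1/users with the Bearer header, surfacing Okta's error body.

    Network call; not exercised by the offline checks below.
    """
    req = urllib.request.Request(f"{org_url}/api/v1/users?limit={limit}", headers=auth_header(token))
    try:
        with urllib.request.urlopen(req) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        # Okta error responses carry errorCode/errorSummary; show them instead of a bare 400.
        raise RuntimeError(f"HTTP {err.code}: {err.read().decode(errors='replace')}") from err


if __name__ == "__main__":
    token = make_sample_token(["okta.clients.read", "okta.users.manage", "okta.users.read"])
    for method, path in REQUIRED_SCOPES:
        gap = missing_scopes(token, method, path)
        print(f"{method} {path}: {'ok' if not gap else 'missing ' + ', '.join(sorted(gap))}")
```

Run it against the real token by replacing `make_sample_token(...)` with the value returned by `/token`; if `missing_scopes` comes back empty for `GET /api/v1/users` and the request still fails, the remaining variable is the admin role of the principal the token was issued for, exactly as the reply says.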