How to programmatically log in to a webpage that uses OKTA for auth?

My work uses a website to download files through its UI. We have a valid user login for the server which uses OKTA for the auth process, but we want to automate the process programmatically.

When logging in the website through its UI, I captured a POST request to with the valid username and password and another POST request to with client_id, code_challenge, code_challenge_method, nonce, redirect_uri, response_type, sessionToken, state, and scope in network tab.

To automate the process, I first sent a POST request to https:///api/v1/authn with the valid username and password in json format. This returns a status code of 200 and receives a sessionToken and a _embedded/user/id which seems a client_id.

Then I sent a POST request to with the sessionToken and the client_id as well as other required params as query params, but it always returns 400 not found.

Except for arbitrary values that change every login trial, I know sessionToken, clientId, redirect_uri, response_type, scope, and codeChallengeMethod.

Is it possible to programmatically log into a webpage that uses OKTA for authentication? If so, are there any missing steps in my way?


It is possible.

Would you be able to provide the entire /authorize call of a failed attempt, we could check into why a 400 is returned.

Thank You,

Thank you for your support.
client_id and sessionToken are obtained from a post to /authn.
nonce and state are arbitrary values.


A GET request with it returns 400 and a POST request with it returns 404.

The client_id value is not valid for this Okta Org.
Can you verify this is the correct id.

Thank you

I grabbed a wrong client_id from the response from
0oak5ucxelP6WM7Ws2p7 is the correct client_id.