Hello,
I am new to Okta OAuth2.
I am trying to secure my single Dropwizard REST API service using Okta OAuth2.
I managed to set up the service side with the use of a how-to guide, and tested it successfully with a token which I generated by setting up a web app in Okta and then with the help of the site OpenID Connect debugger.
However, I am completely at a loss on obtaining a token from Postman.
If I use the same call as for oidcdebugger, that is
oauth2/default/v1/authorize?client_id=XXX&redirect_uri=https://localhost:8443&scope=openid&response_type=token&response_mode=form_post&state=ZZZ&nonce=something
It keeps asking me to log in.
But providing username and password in the header won't do. (The web app approach seems to rely on a session cookie.)
I tried various other calls, e.g. “Get Access Token with Resource Owner Password Credentials”
{{url}}/oauth2/v1/token
Here I managed to obtain a token, after fiddling around with creating a native app and configuring it to accept username/password in Okta.
But this token will not authenticate my service:
Signed JWT rejected: Another algorithm expected, or no matching key(s) found
Can anyone point me to a concise how-to?
Thanks
Matthias
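
An added diagnostic example, not part of the original post: the two requests above use different endpoint paths (`oauth2/default/v1/authorize` and `oauth2/v1/token`), so one thing worth checking when a service rejects a JWT with a key or algorithm error is whether the token's `iss`, `alg` and `kid` match the issuer the service is configured for. The domain `example.okta.com`, the `kid` and `aud` values and both tokens are constructed placeholders, and the script decodes without verifying signatures, so it is for inspection only.

```python
import base64
import json

# Assumption: the issuer the REST service was configured with (placeholder domain).
EXPECTED_ISSUER = "https://example.okta.com/oauth2/default"


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(obj: dict) -> str:
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_sample_token(issuer: str, kid: str) -> str:
    """Build a constructed JWT with a dummy signature, for offline demonstration."""
    header = {"alg": "RS256", "kid": kid}
    claims = {"iss": issuer, "aud": "constructed-audience", "scp": ["openid"]}
    return ".".join([_b64url_encode(header), _b64url_encode(claims), "c2lnbmF0dXJl"])


def inspect_token(token: str, expected_issuer: str = EXPECTED_ISSUER) -> dict:
    """Decode header and claims WITHOUT verifying the signature (diagnosis only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated segments")
    header = json.loads(_b64url_decode(parts[0]))
    claims = json.loads(_b64url_decode(parts[1]))
    issuer = claims.get("iss")
    return {
        "alg": header.get("alg"),
        "kid": header.get("kid"),
        "iss": issuer,
        "aud": claims.get("aud"),
        # A mismatch means the service looks up the signing key in a different JWKS.
        "issuer_matches": issuer == expected_issuer,
    }


if __name__ == "__main__":
    for label, iss in [("default server", EXPECTED_ISSUER),
                       ("other issuer", "https://example.okta.com")]:
        print(label, inspect_token(make_sample_token(iss, "constructed-kid")))
```

Paste a real token in place of the constructed ones to compare its `iss` and `kid` with the issuer and JWKS the service uses.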