I got an access token using Oauth2 method IdentityModel package by connecting through Authority, Scope, ClientId, ClientSecret. Now, trying to get the user details using API but it’s not working

I got an access token using Oauth2 method IdentityModel package by connecting through Authority, Scope, ClientId, ClientSecret.
Now, trying to get the user details using API but it’s not working.
I added the access token in the request header too. Please let me know if I am missing anything here.

API URL: https://dev-70769058.okta.com/oauth2/v1/userinfo

Header:
Content-Type: application/json
Authorization: Bearer {{access_token}}
Example Access Token - eyJraWQiOiJ3S0Jlek9OTFYtS3hoaTFKOTBvX2hFMFk2S2tseVFtOFFKV2tJU1p5VlNRIiwiYWxnIjoiUlMyNTYifQ.eyJ2ZXIiOjEsImp0aSI6IkFULkRyV0dkSVFTMUotNktvaGJIaGNOT25uQWVoR0psMTBlQWdaY0dVeXBUalkiLCJpc3MiOiJodHRwczovL2Rldi03MDc2OTA1OC5va3RhLmNvbSIsImF1ZCI6Imh0dHBzOi8vZGV2LTcwNzY5MDU4Lm9rdGEuY29tIiwic3ViIjoicmF2aS5raXNob3JlMTFAb2t0YS5jb20iLCJpYXQiOjE2ODU0MzU1MDgsImV4cCI6MTY4NTQzOTEwOCwiY2lkIjoiMG9hOWxkd2cyNTFUeWNUekc1ZDciLCJ1aWQiOiIwMHU5bGtkdXg3Qlpxemx2YzVkNyIsInNjcCI6WyJva3RhLnVzZXJUeXBlcy5yZWFkIl0sImF1dGhfdGltZSI6MTY4NTQzNTUwMn0.rpEZKYqGi6eUfQDby0x3FoM5O1tRs15CM0Z273c-wT2mXoMiAfSfC4hj0SB4jhYx-5GKWioaf4FjgC7S9T193Wn-rDPVoXv93gbdAeKQPByOmkR6uDB2nOEmcLKuqwjhWZB3w9unw9PYdcnQMlC7LTEiHRKsp3166pPTcJmDa1ypE2X4k3SYy1KpY7sIWsZAZDSphOsEhcIQ2qC9MmPQSoowpNO4MGgaJ0R5pyt6_VQj8CJRCDd0AUVV0-2s8yrpQGeO7ChOtvR1UyA9mkokWbhEBGmCDGujzHYaCkRkYkcIGIf78fhOBgkLymTTJ4xnWh_muUxVB3IVLn6G8j1MPg

Note: I get the access_token using Open Id Identity Model.
Error: 403 Forbidden

Hmm, I don’t see anything wrong with your request. The path looks right and matches the iss in your example token.

However, it looks like this Access Token was NOT granted the openid scope, so access to the Userinfo endpoint (part of the OIDC spec) would not be possible. What you have right now is an OAuth only Access Token, so OIDC endpoints like Userinfo will not work.
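The scope check described in the answer above can be reproduced offline. This is an added example, not part of the original posts or Okta's own code; the function names, the `example.okta.com` issuer and the sample tokens are constructed for illustration.

```python
import base64
import json


def _b64url_decode(segment):
    # JWT segments are unpadded base64url; restore the padding first.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_claims(token):
    """Return a JWT's payload claims WITHOUT verifying the signature.

    Debugging aid only: never authorize a request from unverified claims.
    """
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    claims = json.loads(_b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def granted_scopes(claims):
    # The token in this thread lists scopes in "scp" (JSON array);
    # RFC 9068 tokens use "scope" (space-separated string). Accept both.
    raw = claims.get("scp", claims.get("scope", []))
    return set(raw.split() if isinstance(raw, str) else raw)


def has_openid_scope(token):
    """True only if the access token was granted the 'openid' scope."""
    return "openid" in granted_scopes(decode_claims(token))


def make_sample_token(scopes):
    # Constructed, unsigned sample with the same claim names as the thread's
    # token; issuer and signature are placeholders, not real values.
    def enc(obj):
        data = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
    header = {"alg": "RS256", "kid": "sample-key"}
    payload = {"iss": "https://example.okta.com", "scp": scopes}
    return ".".join([enc(header), enc(payload), "c2ln"])


if __name__ == "__main__":
    for scopes in (["okta.userTypes.read"], ["openid", "profile"]):
        token = make_sample_token(scopes)
        print(scopes, "-> openid granted:", has_openid_scope(token))
```

Running the check on a token before calling Userinfo shows whether the 403 comes from the missing scope rather than from the request itself.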

Hi Andrea, is there any API Okta will provide by passing username and password that will return the Okta identity token and groups?

Thanks & Regards,
Ravikishore

Technically, you could use Resource Owner Password grant. The body for that request (to the /token endpoint) includes the username and password. It's not recommended for most use cases though.

If you’re working in an Okta Identity Engine org, you could look to use our .NET IDX SDK to handle the authentication portion for you. More info in our guides: Basic sign-in flow using the password factor | Okta Developer

If you’re still using an Okta Classic org, you will instead want to check out our .NET Authn SDK.

Hi Andrea,

I am trying to use the .NET IDX SDK. I see the below error

Could you please help me with this?

Thanks & Regards,
Ravikishore.

Make sure you’ve enabled the “Interaction Code” grant type in Okta, both in your OIE org itself, for the OIDC application, AND (if you are using a Custom Authorization Server), the Authorization Server, as described here: Verify that the Interaction Code grant type is enabled | Okta Developer