Invalid_scope when trying to get a bearer token via API in Postman

natasha.x.carlton · April 5, 2023, 7:31pm

I am trying to create a pre-request script to automatically get a bearer token when I run an API in Postman. I have the script set up and I am trying to use the following scopes: “openid email profile groups siteline”. siteline is something specific to our project. If I take out “siteline”, the API runs, but I get back an “access_denied” which I assume is because of the missing scope. Am I not allowed to use this “custom” scope in the API request?

I saw this issue: Authorizing Okta scopes: invalid scope error
but even with using /oauth2/v1/authorize instead of /oauth2/default/v1/authorize, I still get the invalid scope error.

erik · April 7, 2023, 5:55am

Hello,

I can’t comment on the Postman setup.

On the Okta side, for custom scopes (non standard OAuth2/OIDC scopes) you need to use a custom authorization server and create/configure the scope accordingly.

/oauth2/v1/authorize is the authorize endpoint for your Org authorization server and can’t have custom scopes configured.
/oauth2/default/v1/authorize is the authorize endpoint for a predefined custom authorization server which can have custom scopes, but they need to be added.

Below is a link for creating scopes in a custom authorization server.

Thank You,

Post		Replies	Views
Authorizing Okta scopes: invalid scope error Questions	4	7003	January 21, 2022
Getting error "One or more scopes are not configured for the authorization server resource" Questions	5	11125	February 8, 2024
Unable to get scope "okta.users.read" working in OpenID connect API call Questions	3	4336	June 9, 2021
Scope issue when authorizing Oauth OAuth/OIDC api , java	2	2626	June 13, 2022
Scope not read i try many ways but still facing issue API	1	1335	December 18, 2023

Invalid_scope when trying to get a bearer token via API in Postman

Related topics