Invalid_scope when trying to get a bearer token via API in Postman

I am trying to create a pre-request script to automatically get a bearer token when I run an API in Postman. I have the script set up and I am trying to use the following scopes: “openid email profile groups siteline”. siteline is something specific to our project. If I take out “siteline”, the API runs, but I get back an “access_denied” which I assume is because of the missing scope. Am I not allowed to use this “custom” scope in the API request?

I saw this issue: Authorizing Okta scopes: invalid scope error
but even with using /oauth2/v1/authorize instead of /oauth2/default/v1/authorize, I still get the invalid scope error.

Hello,

I can’t comment on the Postman setup.

On the Okta side, for custom scopes (non-standard OAuth2/OIDC scopes) you need to use a custom authorization server and create/configure the scope accordingly.

  • /oauth2/v1/authorize is the authorize endpoint for your Org authorization server and can’t have custom scopes configured.
  • /oauth2/default/v1/authorize is the authorize endpoint for a predefined custom authorization server which can have custom scopes, but they need to be added.

Below is a link for creating scopes in a custom authorization server.

Thank You,

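The endpoint and scope mismatch described in the answer above can be caught before the request is sent. The following JavaScript (the language of Postman pre-request scripts) is an added example, not part of the original thread and not Okta or Postman code. The function names, the `example.okta.com` host and the `BUILT_IN_SCOPES` list are assumptions made for illustration; the scopes actually configured on a custom authorization server must be supplied by the caller.

```javascript
// Assumption: scopes treated as built in (OIDC scopes plus "groups", which the
// question shows being accepted). Adjust to match your org.
const BUILT_IN_SCOPES = new Set([
  "openid", "profile", "email", "address", "phone", "offline_access", "groups",
]);

// Work out which authorization server an authorize URL addresses.
//   /oauth2/v1/authorize        -> org authorization server
//   /oauth2/{id}/v1/authorize   -> custom authorization server ("default" is one)
function classifyAuthorizeUrl(url) {
  const { pathname } = new URL(url);
  if (pathname === "/oauth2/v1/authorize") return { server: "org", id: null };
  const m = pathname.match(/^\/oauth2\/([^/]+)\/v1\/authorize$/);
  return m ? { server: "custom", id: m[1] } : { server: "unknown", id: null };
}

// Report which requested scopes the targeted server will reject.
// configuredCustomScopes: scopes an admin has created on the custom server.
function preflightScopes(authorizeUrl, requested, configuredCustomScopes = []) {
  const target = classifyAuthorizeUrl(authorizeUrl);
  const scopes = requested.trim().split(/\s+/).filter(Boolean);
  const custom = scopes.filter((s) => !BUILT_IN_SCOPES.has(s));
  let rejected = [];
  let reason = "ok";
  if (target.server === "org") {
    rejected = custom; // the org server cannot have custom scopes configured
    if (rejected.length) reason = "org authorization server has no custom scopes";
  } else if (target.server === "custom") {
    rejected = custom.filter((s) => !configuredCustomScopes.includes(s));
    if (rejected.length) reason = `scope not created on server "${target.id}"`;
  } else {
    reason = "not a recognised authorize endpoint";
  }
  const ok = target.server !== "unknown" && rejected.length === 0;
  return { target, rejected, ok, reason };
}

// Constructed sample input mirroring the question.
const SAMPLE_SCOPES = "openid email profile groups siteline";
const SAMPLE_HOST = "https://example.okta.com"; // placeholder host
for (const path of ["/oauth2/v1/authorize", "/oauth2/default/v1/authorize"]) {
  console.log(path, preflightScopes(SAMPLE_HOST + path, SAMPLE_SCOPES));
}
console.log(
  "after adding the scope:",
  preflightScopes(SAMPLE_HOST + "/oauth2/default/v1/authorize", SAMPLE_SCOPES, ["siteline"])
);
```
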