We’re trying to get started with the API and finding it difficult.
Our use case is the ability to get a list of Users and their associated Apps on behalf of a client at any given time.
So we act as a middleware between Okta and another 3rd Party; the Client Authorizes us to collect information, we collect it and output it in a specific manner.
Now; for the technical stuff;
We created the Developer Account and an App within it. We’re able to Authorize via standard OAuth2 flow (Authorize > [Callback] > Token) to get our Access Token.
However, when we then attempt to hit an API (passing the token via the Authorization Header (as Bearer)), we get a 403 with no response body. I believe there is a problem somewhere in our flow but I’m not sure where.
I also note, that when I created another Dummy Org (i.e. mycompany.okta.com vs. my dev-1234.oka.com), I was unable to complete the OAuth2 flow against that Org
Can you confirm how you are requesting a token and if you are trying to use this token against Okta’s own /api/v1/users endpoint or against your own API?
If you need to make calls into the target Okta org, you will want to review our guide about OAuth for Okta for Service apps, as it will walk you through the steps you need to complete to set up the application (!important, the client auth must be private_key_jwt and you’ll need to enable the required scopes within Okta), the Authorization server you need to make requests against (the org server, aka https://mycompany.okta.com/oauth2/v1/token), the scopes you need to request (in this case, okta.users.read) and how to include it as auth in the subsequent token request (as a Bearer token in the Authorization header)