I have a working Angular 5 application, using the Okta login container (widget). My application makes calls to a backend API. All of this is working.
I want to make API calls using Postman. I am able to make the authentication calls to Okta and get back an id_token from within Postman. However, when I try to use the token in the call to the API, I get JWT validation errors.
Here are my steps:
I make a call to api/v1/authn to get a sessionToken.
I then supply the session token, and my credentials, in a call to oauth2/default/v1/authorize
This call returns a token in the data.id_token field.
I supply the token (cut and paste within Postman) to a call to my API backend, using Authorization BearerToken, passing the token.
This is the same process I use in my app, but as I said, it isn’t working. I am noticing that in the display of the token in Postman (in the response to the oauth2/default/v1/authorize call) there appear to be escaped characters. In the token I see “\x2D” - this seems to be the cause of my problems.
This may be more of a Postman issue, but I’d thought I’d ask here in case someone is familiar with it. Is there a difference in the return value when the authorize call is made in Postman instead of the Okta widget? Is there a parameter that needs to be set/changed?
Any help would be appreciated.