We used Okta for SSO integration. Using the application's client credentials, we are able to generate an access_token.
When we use client credentials to create an access_token, it generates a token, and it is for the admin user who created the application.
But our scenario is to authenticate the other users that exist in Okta People.
For example, the access_token generated is valid for 1 hour for the admin. Using the access token, we tried to search for the user in a Postman API call,
but it shows "invalid authorization server". So I added the default authorization server.
Then it started giving the error below, saying the method was not found.
{
"errorCode": "E0000022",
"errorSummary": "The endpoint does not support the provided HTTP method",
"errorLink": "E0000022",
"errorId": "oaeAATwtKgNQPKtUJn7uYMc-Q",
"errorCauses":
}
Anyhow, whether we use the POST or the GET method, the response is the same. So I wanted to check how I can authenticate the other users that exist in Okta.
Attaching a sample curl command used to search for the user based on email.
You should not include the authorization server ID in your request to any of the management endpoints. This endpoint should still be /api/v1/users. However, in your example curl you have included search parameters, which means this request should be a GET instead of a POST, which is likely why you received a 405, "The endpoint does not support the provided HTTP method", previously.
It gives the response below, and in Postman it fails with error code 400:
Bad Request
The authorization server id is invalid
Our problem to resolve here:
Once the user is redirected to the Okta site and enters the username and password, and upon success is redirected back to our application, we generate the API token using client_id and client_secret, which returns us the access_token and ID token.
Using the access_token, we tried to verify that the user exists in Okta.
As you suggested for the above API, it is returning an error.
And also, once the user is logged in to the site and we perform the logout API call from Postman via the API or through a direct browser call, it responds with 200 OK. But the actual session is not terminated in Okta,
because the next time the user is redirected to the Okta login page, it has an active login session, and the user is authenticated successfully and redirected to the application page.
So we need help with:
Searching for the user by email through the API.
A logout API to log out the current user logged in to the Okta server.
What Authorization Server issued the Access Token you are using as authorization for this request?
If you are going to make API calls to Okta Management endpoints (like /api/v1/users), you will need to receive this token from the Org Authorization Server and ensure the app is granted the necessary scopes (in this case, okta.users.read) and, since you mentioned Client Credentials flow, that it is assigned an admin role with sufficient permissions to access this endpoint.
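The two prerequisites named in this answer (a token from the Org Authorization Server, whose issuer is the bare org URL rather than /oauth2/default, and the okta.users.read scope) and the GET form of the /api/v1/users search can be checked before sending anything. The following is an added example, not code from the thread or from Okta's SDKs; the org URL example.okta.com and the unsigned sample tokens are constructed placeholders, and the claim inspection deliberately does no signature verification.

```python
import base64
import json
from urllib.parse import urlencode

ORG_URL = "https://example.okta.com"  # constructed placeholder, not a real tenant


def decode_claims(token: str) -> dict:
    """Read a JWT payload for inspection only. This does NOT verify the
    signature, so it must never be used to make an authorization decision."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def missing_prerequisites(token: str, org_url: str,
                          required=("okta.users.read",)) -> list:
    """List the reasons, per the answer above, why a management call would fail."""
    claims = decode_claims(token)
    problems = []
    # Org Authorization Server tokens carry the bare org URL as issuer; a token
    # from .../oauth2/default (or any custom server id) will be rejected.
    if claims.get("iss", "").rstrip("/") != org_url.rstrip("/"):
        problems.append("token not issued by the Org Authorization Server")
    granted = set(claims.get("scp", []))  # scopes the app was actually granted
    problems += [f"missing scope {s}" for s in required if s not in granted]
    return problems


def user_search_request(org_url: str, email: str, token: str) -> dict:
    """Build the user lookup: GET /api/v1/users with the filter in the query
    string and no authorization server id in the path (POSTing here is what
    produced error E0000022 in the question)."""
    query = urlencode({"search": f'profile.email eq "{email}"'})
    return {
        "method": "GET",
        "url": f"{org_url}/api/v1/users?{query}",
        "headers": {"Authorization": f"Bearer {token}",
                    "Accept": "application/json"},
    }


def sample_token(issuer: str, scopes: list) -> str:
    """Constructed, unsigned JWT for demonstration only; real tokens are signed by Okta."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).decode().rstrip("=")
    return ".".join([enc({"alg": "none"}), enc({"iss": issuer, "scp": scopes}), ""])


if __name__ == "__main__":
    good = sample_token(ORG_URL, ["okta.users.read"])
    bad = sample_token(ORG_URL + "/oauth2/default", ["openid"])
    print(missing_prerequisites(good, ORG_URL))  # []
    print(missing_prerequisites(bad, ORG_URL))   # two problems
    print(user_search_request(ORG_URL, "user@example.com", good)["url"])
```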