Need help with hitting Okta /authorize endpoint for access token

I'm currently trying to get an access token from Okta, which is required for the endpoint testing that I’m doing in Java.

I am currently using the okta-auth-java SDK and can authenticate and establish a connection to Okta with my credentials, and I get a session token in response, which I want to exchange for an access token.

I’ve been scouring the forums for information and it seems there are two approaches, with /token and /authorize, for getting the access token, but I can’t use /token.

This is the code I currently have for the HTTP request to /authorize, which I had seen on another post:

// Uses the JAX-RS client API (ClientBuilder, WebTarget, Response)
WebTarget authorization = ClientBuilder.newClient()
    .target("https://xxxxxx.oktapreview.com/oauth2/default/v1/authorize")
    .queryParam("response_type", "token")
    .queryParam("scope", "openid")
    .queryParam("state", "TEST")
    .queryParam("nonce", "TEST")
    .queryParam("client_id", "xxxxxxxxxxxx")
    .queryParam("redirect_uri", "https://xxxxxxxxxx.com")
    .queryParam("sessionToken", authenticationResponse.getSessionToken().toString());
// Send the GET request to /authorize
Response accessToken = authorization.request().get();

EDIT: So if I try hitting the fully generated URL from the above code with an HttpRequest instead of using WebTarget, I don’t get a PKIX error, but it doesn’t return much at all in the HttpResponse, just the URL and a status 302 (meaning the redirect worked). How do I get the access token from here? This is the code I’m trying now:

import java.net.URI;
import java.net.http.HttpRequest;
// Build the GET request to /authorize with the session token in the query string
HttpRequest request = HttpRequest.newBuilder(URI.create("https://xxxxxxx.oktapreview.com/oauth2/v1/authorize?client_id=xxxxxxxxxxx&redirect_uri=https%3A%2F%2Fxxxxx.xxx-xxxx.xxxxxxx.com&response_type=token&state=TEST&nonce=TEST&display=page&sessionToken=" + authenticationResponse.getSessionToken() + "&scope=openid%20email"))
    .GET()
    .build();

I just responded to you over here to recommend implicit flow: Do I need the client secret to get access token for backend testing - #2 by andrea

As long as you are sending the sessionToken over in the /authorize call, the user is assigned, and there are no other MFA policies that they will run into for the specific application, it should work. Maybe take a look at this article: How to get tokens for an OIDC application without a browser using curl/Postman | Okta Help Center
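
Added example, not part of the thread or of Okta's SDK: with `response_type=token` (implicit flow, RFC 6749 section 4.2.2), the 302 from /authorize carries the access token in the URL fragment of its `Location` header, so the client reads that header instead of following the redirect. The class and method names, and the sample `Location` value, are constructed for illustration; Java 11 or later is assumed.

```java
import java.net.URI;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;

public class ImplicitRedirectExample {

    // Extracts the access token from the Location header of the 302 returned by /authorize.
    static String accessTokenFrom(String location, String expectedState) {
        String fragment = URI.create(location).getRawFragment();
        if (fragment == null) {
            // No fragment: this is not a successful implicit-flow redirect.
            throw new IllegalStateException("redirect carries no token fragment");
        }
        Map<String, String> params = new HashMap<>();
        for (String pair : fragment.split("&")) {
            int eq = pair.indexOf('=');
            if (eq < 0) continue;
            params.put(URLDecoder.decode(pair.substring(0, eq), StandardCharsets.UTF_8),
                       URLDecoder.decode(pair.substring(eq + 1), StandardCharsets.UTF_8));
        }
        if (params.containsKey("error")) {
            throw new IllegalStateException(
                    params.get("error") + ": " + params.get("error_description"));
        }
        // Reject a response whose state differs from the one sent in the request.
        if (!expectedState.equals(params.get("state"))) {
            throw new IllegalStateException("state mismatch");
        }
        String token = params.get("access_token");
        if (token == null) {
            throw new IllegalStateException("no access_token in fragment");
        }
        return token;
    }

    public static void main(String[] args) {
        // Constructed sample Location value; in a live call it comes from
        // response.headers().firstValue("Location") with redirects not followed.
        String location = "https://app.example.com/#access_token=CONSTRUCTED.SAMPLE.TOKEN"
                + "&token_type=Bearer&expires_in=3600&scope=openid+email&state=TEST";
        String token = accessTokenFrom(location, "TEST");
        // Print only the length so the token itself never lands in test logs.
        System.out.println("access token length: " + token.length());
    }
}
```

Outside a throwaway test, send a random `state` per request and pass that same value as `expectedState`, rather than a fixed string.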
