OAuth2 works in Postman but getting 400 in code

I was running this through Postman and everything seems to work, but using code it failed.

Running this through Postman works:

https://yourdomain.okta.com/oauth2/v1/token

with body params of:

grant_type authorization_code

client_id YOURCLIENTID

redirect_uri REDIRECTURI

code AUTHORIZATION CODE FROM /authorize

code_verifier CODEVERIFIER

But running through Java code after getting the ‘code’ value:

        HashMap<String, String> headers = new HashMap<>();
        headers.put("Content-Type", "application/x-www-form-urlencoded");
        headers.put("Accept", "*/*");
        headers.put("Connection", "keep-alive");

        JSONObject requestParams = new JSONObject();
        requestParams.put("grant_type", "authorization_code");
        requestParams.put("client_id", some_client_id);
        requestParams.put("redirect_uri", some_callback_url);
        requestParams.put("code_verifier", some_code_verified);
        requestParams.put("code", code);

        RestAssured.baseURI = accessTokenURL;
        RequestSpecification request = SerenityRest.given();
        request.headers(headers);
        request.body(requestParams.toString());
        Response post = request.post();

Getting the following response:

        {
            "errorCode": "invalid_client",
            "errorSummary": "A client_id must be provided in the request.",
            "errorLink": "invalid_client",
            "errorId": some_error_id,
            "errorCauses": []
        }

These seem to be the exact parameters used in Postman. Am I missing something (i.e., like client_secret_id)?

Hi @peterh1! Yes, grant_type=authorization_code requires a client_secret, per "OpenID Connect & OAuth 2.0 API | Okta Developer", when calling the token endpoint. Please try again and confirm.
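The error in the question reports that no client_id was found, and the posted Java sends `requestParams.toString()` (a JSON document) while declaring `Content-Type: application/x-www-form-urlencoded`. The following is an added example, not code from either poster or from Okta: it parses both body shapes the way a form decoder would, to show which one exposes a `client_id` parameter. The class name, helper names and all parameter values are constructed placeholders, and only the JDK (Java 10 or later) is used.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.stream.Collectors;

public class TokenRequestBody {
    // Encode parameters the way application/x-www-form-urlencoded requires.
    static String formEncode(Map<String, String> params) {
        return params.entrySet().stream()
                .map(e -> URLEncoder.encode(e.getKey(), StandardCharsets.UTF_8) + "="
                        + URLEncoder.encode(e.getValue(), StandardCharsets.UTF_8))
                .collect(Collectors.joining("&"));
    }

    // Parse a body the way a receiver does when Content-Type says form-urlencoded.
    static Map<String, String> parseForm(String body) {
        Map<String, String> out = new LinkedHashMap<>();
        for (String pair : body.split("&")) {
            if (pair.isEmpty()) continue;
            String[] kv = pair.split("=", 2);
            out.put(URLDecoder.decode(kv[0], StandardCharsets.UTF_8),
                    kv.length > 1 ? URLDecoder.decode(kv[1], StandardCharsets.UTF_8) : "");
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed placeholder values, not real credentials.
        Map<String, String> params = new LinkedHashMap<>();
        params.put("grant_type", "authorization_code");
        params.put("client_id", "YOURCLIENTID");
        params.put("redirect_uri", "https://app.example.com/callback");
        params.put("code", "SAMPLE_CODE");
        params.put("code_verifier", "SAMPLE_VERIFIER");

        // Approximates what JSONObject.toString() puts on the wire: a JSON document.
        String jsonBody = params.entrySet().stream()
                .map(e -> "\"" + e.getKey() + "\":\"" + e.getValue() + "\"")
                .collect(Collectors.joining(",", "{", "}"));
        String formBody = formEncode(params);

        System.out.println("JSON body has client_id: " + parseForm(jsonBody).containsKey("client_id"));
        System.out.println("form body has client_id: " + parseForm(formBody).containsKey("client_id"));
        System.out.println(formBody);
    }
}
```

In REST Assured, `formParam(...)` or `formParams(...)` on the `RequestSpecification` produces a body of the second shape, which is also what Postman sends for `x-www-form-urlencoded` body params.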
