Okta API - Resource owner password flow /token



Hi, I am trying to implement username/password login on the default authorization server and get a token with the /token endpoint. However, I get this error:
Bad request. Accept and/or Content-Type headers likely do not match supported values.

I am setting the Accept header to application/json and Content-Type to application/x-www-form-urlencoded.

This is the guide I was following:

My Node.js code is here:

```js
const axios = require('axios');

// Client credentials sent as HTTP Basic auth; headers set as global axios defaults
axios.defaults.headers.common['authorization'] =
  'Basic ' + Buffer.from(provider.clientId + ':' + provider.clientSecret).toString('base64');
axios.defaults.headers.common['accept'] = 'application/json';
axios.defaults.headers.common['content-type'] = 'application/x-www-form-urlencoded';

// Request body as a plain JavaScript object
let body = {
  username: username,
  password: password,
  scope: 'openid profile email'
};
```

Any help would be appreciated, thanks :slight_smile:


Hi @ahmed,

Have you tried using curl or Postman to make the request?
I have tested this flow using the Postman collection and it works fine.

Try the curl request in this link and check if that works - https://developer.okta.com/authentication-guide/implementing-authentication/password#2-using-the-resource-owner-password-flow


The problem was with the body, as it's a JavaScript object. When I turned it into a string and added the params to it like a form, it worked.
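
The fix described above, as an added example that is not part of the original posts: the body is built as a form-encoded string with `URLSearchParams`, and the Basic credentials are set per request instead of as global axios defaults. The Okta domain and all credentials are constructed placeholders, `buildTokenRequest` and `naiveForm` are hypothetical helper names, and `grant_type=password` is the value OAuth 2.0 defines for this flow.

```javascript
// Placeholder issuer for the default authorization server (not a real org).
const ISSUER = 'https://example.okta.com/oauth2/default';

function buildTokenRequest({ clientId, clientSecret, username, password, scope }) {
  // URLSearchParams percent-encodes every value, so '&', '=' or '+' inside a
  // password cannot split or change the form fields.
  const form = new URLSearchParams({
    grant_type: 'password',
    username,
    password,
    scope,
  });
  const basic = Buffer.from(`${clientId}:${clientSecret}`).toString('base64');
  return {
    method: 'post',
    url: `${ISSUER}/v1/token`,
    // Per-request headers: the client secret is attached to this call only,
    // not to every request made through axios.defaults.headers.common.
    headers: {
      Authorization: `Basic ${basic}`,
      Accept: 'application/json',
      'Content-Type': 'application/x-www-form-urlencoded',
    },
    data: form.toString(), // a string body is sent unchanged
  };
}

// Hand-concatenated form string without encoding, kept to show the failure mode.
function naiveForm({ username, password }) {
  return `grant_type=password&username=${username}&password=${password}`;
}

// Constructed sample input; the password deliberately contains '&', '=' and '+'.
const sample = {
  clientId: '0oaEXAMPLE',
  clientSecret: 'constructed-secret',
  username: 'jane@example.com',
  password: 'p&ss=w+rd',
  scope: 'openid profile email',
};

const request = buildTokenRequest(sample);
console.log(request.data);
console.log('naive form parses password as:',
  new URLSearchParams(naiveForm(sample)).get('password'));
```

The returned object has the shape of an axios request config, so with axios installed it can be passed as `axios(request)`.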


Hey @ahmed, I’m curious what your use case is. Why do you want to use the resource owner password grant here? Are you building a totally customized login form?


Yes, I am building a custom form, where the credentials pass by my server before going to Okta.