We have developed the APIs in our application and have protected them through Okta. These APIs will be used by another application to get some data. I tested the APIs through the browser and it worked, but when I try to test them through Postman I get the response code 200 but nothing in the body. In the Authorization, I have selected Grant Type as client credentials and then passed on the client ID, secret and access token URL and generated the token. I am using this generated token while invoking the API but it did not work. While trying out multiple approaches, I found one workaround: I hit the API from the browser, copied the cookie data and then added the cookie data in the Headers, and then I got the real output. This should not be the way it should work. Can someone please guide?
What requests to Okta aren’t working? What endpoint are you hitting and how have you formatted the request in Okta?
Can you share a screenshot of what you have in Postman? Be sure to censor any sensitive information (like your client secret).
The request works fine when I add the cookie header to it, but that should not be the case. For any application-to-application integration, there will not be any end-user browser or cookie. I am using Spring Security for the Okta implementation. Do I need to take any special care in the configure method? I am extending the WebSecurityConfigurerAdapter class.
Which endpoint are you making the request to that needs the cookie header? Is it something that expects cookie auth, like