OAuth 2 /token endpoint returns invalid_credentials

Hello everyone

I’m trying to create an integration with Okta for our customers. I’ve created a custom integration in Okta with type of OIDC as a Web Application. I’ve configured the callback URL, and in general settings I’ve checked the Authorization Code and the Refresh Token.

The authorization_url (which is created in our system and is exposed through our portal) seems like this:

https://{{my_instance}}/oauth2/v1/authorize?response_type=code&client_id={{public_key}}&redirect_uri={{my_configured_redirect_uri}}&scope=okta.groups.manage+okta.groups.read+okta.users.manage+okta.users.read+okta.users.read.self&state={{state}}
which seems ok to me.

The redirect URI posts back the authorization code, which I’m trying to exchange for an access_token. The /token endpoint returns:

401 error
invalid_client: Client authentication failed. Either the client or the client credentials are invalid.
I expect the oauth2 flow and the /token endpoint to work without problems.

Any help is appreciated.

Hi, check out this example - Implement authorization by grant type | Okta Developer

Ensure that you pass client credentials as basic auth (base64 encoded). Your password will be plain text. For example:

curl --request POST \
  --url https://${yourOktaDomain}/oauth2/v1/token \
  --header 'accept: application/json' \
  --header 'authorization: Basic MG9hY...' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data 'grant_type=authorization_code&redirect_uri=http%3A%2F%2Flocalhost%3A8080&code=P59yPm1_X1gxtdEOEZjn'

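The reply above says to send the client credentials as base64-encoded Basic auth. The following added example (not part of the original posts and not Okta's code) builds that header value and decodes one to check its shape before it is sent to /token. The function names and credential values are constructed for illustration, and GNU coreutils `base64` is assumed.

```shell
# Added example. Credential values are constructed placeholders, and the
# function names are illustrative. Assumes GNU coreutils base64.

# Build "Basic base64(client_id:client_secret)".
# printf (not echo) keeps a trailing newline out of the encoded value;
# tr removes the line wrapping base64 applies to long output.
basic_auth_header() {
  printf 'Basic %s' "$(printf '%s:%s' "$1" "$2" | base64 | tr -d '\r\n')"
}

# Decode an Authorization header value and report shape problems.
# Prints a diagnosis; returns 0 only if the value looks well-formed.
check_basic_header() {
  local header b64 decoded id secret
  header=$1
  case "$header" in
    "Basic "*) b64=${header#Basic } ;;
    *) echo "missing 'Basic ' scheme prefix"; return 1 ;;
  esac
  if ! printf '%s' "$b64" | base64 -d >/dev/null 2>&1; then
    echo "value after 'Basic ' is not valid base64"; return 1
  fi
  # The trailing "x" sentinel stops $(...) from hiding a decoded newline.
  decoded=$(printf '%s' "$b64" | base64 -d; printf x)
  decoded=${decoded%x}
  case "$decoded" in
    *[[:space:]]*) echo "whitespace or newline inside decoded credentials"; return 1 ;;
    *:*) ;;
    *) echo "no ':' between client_id and client_secret"; return 1 ;;
  esac
  id=${decoded%%:*}
  secret=${decoded#*:}
  if [ -z "$id" ] || [ -z "$secret" ]; then
    echo "empty client_id or client_secret"; return 1
  fi
  echo "ok: client_id=$id secret_length=${#secret}"   # never print the secret
}

# Demo with constructed values.
good=$(basic_auth_header '0oaEXAMPLEID' 'EXAMPLE-secret')
bad="Basic $(echo '0oaEXAMPLEID:EXAMPLE-secret' | base64)"   # echo appends "\n"
check_basic_header "$good" || true
check_basic_header "$bad" || true
```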
