Password grant: Bad request. Accept and/or Content-Type headers likely do not match supported values


#1

Hey,

New to Okta, I got this error

Bad request. Accept and/or Content-Type headers likely do not match supported values.

when using content-type: application/json.

It was successful with content-type: application/x-www-form-urlencoded:

curl --request POST --url https://mycompany/v1/token \
 --header 'accept: application/json' \
 --header 'authorization: Basic abcd...' \
 --header 'cache-control: no-cache' \
 --header 'content-type: application/x-www-form-urlencoded' \
 --data 'grant_type=client_credentials&scope=myscope'

The question is: does Okta not support application/json at the moment?

Thanks in advance!


#2

Hi @wayne! You are getting this error because the /token endpoint only supports Content-Type: application/x-www-form-urlencoded.

This is defined in the OAuth 2.0 specification. You can read more about how the Password Grant works if you’re curious.

Why do you need to post application/json to this endpoint?


#3

Hi Nate,

Thanks for the RFC reference. It's interesting to know that the endpoint returns JSON but does not accept the same encoding.

I guess the question becomes: why not make the encoding consistent? Is there any advantage to using URL encoding over JSON? After a bit of searching, Okta actually supports application/json in an old endpoint:

https://developer.okta.com/docs/api/resources/tokens

Does the new endpoint do so just because of the RFC?


#4

OAuth 2.0 uses form encoding for these endpoints, and Okta implements the OAuth 2.0 standard.

Can you give me more information about what you are building? I might be able to suggest an easier approach.
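
Added example, not part of the thread and not Okta's code: a Python sketch of the client_credentials request from post #1, built once form-encoded and once as JSON, checked against a constructed stand-in endpoint that accepts only application/x-www-form-urlencoded, as post #2 describes. The function names, the mock's error codes and all sample values are assumptions made for illustration.

```python
import base64
import json
from urllib.parse import parse_qs, quote_plus, urlencode

FORM = "application/x-www-form-urlencoded"

def build_token_request(client_id, client_secret, scope, as_json=False):
    """Return (headers, body) for a client_credentials token request."""
    params = {"grant_type": "client_credentials", "scope": scope}
    # RFC 6749 section 2.3.1: form-encode the id and secret, then Basic-encode.
    creds = f"{quote_plus(client_id)}:{quote_plus(client_secret)}".encode()
    headers = {
        "Accept": "application/json",
        "Authorization": "Basic " + base64.b64encode(creds).decode(),
        "Content-Type": "application/json" if as_json else FORM,
    }
    # urlencode() percent-encodes values, so a space-separated scope list is safe.
    body = json.dumps(params) if as_json else urlencode(params)
    return headers, body

def mock_token_endpoint(headers, body):
    """Constructed stand-in for a token endpoint: form input only, JSON output."""
    media_type = headers.get("Content-Type", "").split(";")[0].strip().lower()
    if media_type != FORM:
        return 400, {"error": "invalid_request"}
    form = parse_qs(body)
    if form.get("grant_type") != ["client_credentials"]:
        return 400, {"error": "unsupported_grant_type"}
    return 200, {"access_token": "constructed-token", "token_type": "Bearer",
                 "scope": form.get("scope", [""])[0]}

if __name__ == "__main__":
    # Constructed sample values; none come from the thread.
    for as_json in (False, True):
        headers, body = build_token_request("my client", "s3cr3t:+/", "read write", as_json)
        print(headers["Content-Type"], body, mock_token_endpoint(headers, body))
```
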