PKCE token without a browser returns 405 for GET (following tutorial from support)

I would like to get an access token for an Okta app that is configured for PKCE. The goal is to use the token as part of integration tests to validate appropriate access controls on methods.

I am following the tutorial here:
https://support.okta.com/help/s/article/How-to-get-tokens-for-an-OIDC-application-without-a-browser-using-curl-Postman?language=en_US

And when I get to step 2 I make the call with the sessionToken but I’m getting a 405 Method Not Allowed. I’m sending a GET as it is done in the tutorial but it doesn’t seem to work. POST fails in the same way.

Is that How-to article valid? Anything I can do to troubleshoot this 405 response?

I’ve attached a screenshot of my request.

My request URL is

{{url}}/oauth2/v1/default/authorize?client_id={{clientId}}
&response_type=code
&response_mode=form_post
&scope=groups
&redirect_uri={{redirectUri}}
&state={{state}}
&nonce={{$guid}}
&code_challenge_method=S256
&code_challenge={{codeChallenge}}
&sessionToken={{sessionToken}}

Hello! I think maybe your URL is malformed. Instead of

{{url}}/oauth2/v1/default/authorize

you’ll want to do:

{{url}}/oauth2/default/v1/authorize

You are correct, thanks! I also had the base URL wrong for the second case.

I’m past that stage in the tutorial but not sure where to get the code in that response in step 2, but I can keep digging now.

Are you referring to the code verifier and code challenge? Or the code that will be returned by the authorize API?
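
The two kinds of "code" distinguished above, as an added example that is not part of the original thread or Okta's tutorial: the client generates the code verifier and derives the S256 code challenge itself (RFC 7636), while the authorization code comes back from the authorize call, which with response_mode=form_post is a hidden form field in the HTML body. The function names and the sample HTML are assumptions made for illustration; the exact markup Okta returns may differ.

```python
import base64, hashlib, secrets
from html.parser import HTMLParser
from urllib.parse import urlencode

def make_verifier() -> str:
    # 32 random bytes give a 43-character base64url string (RFC 7636 minimum).
    return base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode()

def s256_challenge(verifier: str) -> str:
    # code_challenge = BASE64URL(SHA256(code_verifier)), padding removed.
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()

def authorize_url(base, client_id, redirect_uri, session_token, verifier, state, nonce):
    # Path order is /oauth2/default/v1/authorize, as corrected in the thread.
    params = {
        "client_id": client_id, "response_type": "code",
        "response_mode": "form_post", "scope": "groups",
        "redirect_uri": redirect_uri, "state": state, "nonce": nonce,
        "code_challenge_method": "S256",
        "code_challenge": s256_challenge(verifier),
        "sessionToken": session_token,
    }
    return f"{base}/oauth2/default/v1/authorize?{urlencode(params)}"

class HiddenInputs(HTMLParser):
    # Collects name/value pairs of hidden <input> elements.
    def __init__(self):
        super().__init__()
        self.fields = {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and a.get("type") == "hidden" and a.get("name"):
            self.fields[a["name"]] = a.get("value") or ""

def extract_code(html: str, expected_state: str) -> str:
    parser = HiddenInputs()
    parser.feed(html)
    if "error" in parser.fields:
        raise ValueError("authorize error: " + parser.fields["error"])
    if parser.fields.get("state") != expected_state:
        raise ValueError("state mismatch, discard this response")
    return parser.fields["code"]

# Constructed sample of a form_post response body (not captured Okta output).
SAMPLE_FORM_POST = """<html><body><form method="post" action="https://localhost/cb">
<input type="hidden" name="code" value="constructed-auth-code"/>
<input type="hidden" name="state" value="st8"/></form></body></html>"""
```

Keep the verifier from `make_verifier()` for the rest of the test run: the same value is sent as `code_verifier` when the authorization code is exchanged for tokens.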
