I’m attempting to use the Okta API to retrieve an access token via postman. Currently, I have everything working with calling the /authn endpoint first to get the sessionToken, then calling the /authorize endpoint to get back the access token. However, in doing this, I’ve found that I need to setup Postman to include the clientSecret of the app I’m calling against which I need to avoid doing to allow our QE team to replicate this via automation scripts.
Is there a way to retrieve an accesstoken without using the client secret?
As a follow up note, I also would like to make it so the response from Okta returns a simple json object as today I’m having it return using the response_mode: form_post and parsing the html to get the hidden input value for accessToken. I would like to make that easier by just parsing a json response, but from what I have found I can’t see anything that does that currently.