We have a backend service wherein we would like to retrieve all users/groups. We tried to use the client credentials flow, but were unable to make the call.
As per this article, it says that for the machine-to-machine case, we need to use a custom authorization server, but a custom authorization server token doesn’t contain Okta API scopes.
|Capability|Custom authorization server|Org authorization server|
|---|---|---|
|Machine-to-Machine or Microservices|Yes|No|
|Mint Access Tokens with Okta API Scopes|No|Yes|
I know one way is to use an SSWS token, but I'm wondering if there is any way where we can do it using clientid/secret?
Appreciate any pointers on what is the best way to do this?
You need to look into Implementing OAuth for Okta, where you can enable scopes within an application, which would give you the ability to get users/groups.
You need to use the org authorization server to get tokens containing Okta API Scopes. So, while our documentation indicates that a custom authorization server needs to be used for M2M use cases, it doesn’t address making requests to Okta resources and is written instead to help with applications that involve protecting your own resources.
Definitely follow the guide @phi1ipp shared about how to set this up, because it definitely sounds like the right fit for you. Just make sure you understand that we do NOT support client secret based authentication for this flow and you must use private_key_jwt auth instead.
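
The request described in the last reply, as an added example (not code from this thread or from Okta): a client credentials request to the org authorization server that authenticates with a `private_key_jwt` client assertion instead of a client secret. The domain, client ID and `kid` are constructed placeholders, the key pair is generated on the spot for the demo, and it assumes the matching public key is registered on the app and the `okta.users.read` and `okta.groups.read` scopes are granted to it.

```javascript
// Added example: private_key_jwt client assertion + client-credentials request body.
const nodeCrypto = require('node:crypto');

const b64url = (v) => Buffer.from(v).toString('base64url');

// Signed JWT that takes the place of the client secret.
function buildClientAssertion({ clientId, tokenUrl, privateKey, kid, now = Date.now() }) {
  const iat = Math.floor(now / 1000);
  const header = { alg: 'RS256', kid };
  const claims = {
    iss: clientId,                 // issuer and subject are both the client ID
    sub: clientId,
    aud: tokenUrl,                 // audience is the token endpoint being called
    iat,
    exp: iat + 300,                // short lifetime limits reuse of a captured assertion
    jti: nodeCrypto.randomUUID(),  // unique ID per assertion
  };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const sig = nodeCrypto.sign('RSA-SHA256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${sig.toString('base64url')}`;
}

// Form body to POST to the token endpoint; there is no client_secret field.
function buildTokenRequest({ oktaDomain, clientId, privateKey, kid, scopes }) {
  // Org authorization server: /oauth2/v1/token, with no authorization server ID in the path.
  const tokenUrl = `https://${oktaDomain}/oauth2/v1/token`;
  const body = new URLSearchParams({
    grant_type: 'client_credentials',
    scope: scopes.join(' '),
    client_assertion_type: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
    client_assertion: buildClientAssertion({ clientId, tokenUrl, privateKey, kid }),
  });
  return { tokenUrl, body };
}

// Constructed demo input: throwaway key pair, placeholder domain, client ID and kid.
function demo() {
  const { privateKey, publicKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const req = buildTokenRequest({
    oktaDomain: 'example.okta.com',
    clientId: '0oaEXAMPLECLIENTID',
    privateKey,
    kid: 'demo-key-1',
    scopes: ['okta.users.read', 'okta.groups.read'],
  });
  return { ...req, publicKey };
}
```

Sending `body` as a form-encoded POST to `tokenUrl` returns the access token, which then goes in the `Authorization: Bearer` header on calls such as `/api/v1/users`. In a real service the private key is loaded from a secret store rather than generated per run.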