SPA Application get access token with code and PKCE got 403 response

julian · May 21, 2020, 7:25am

I added a SPA application in my sandbox.

As below are steps I tried to retrieve access token:

Primary auth to get a sessionToken and I can get sessionToken successfully
a. POST to {{url}}/api/v1/authn
b. Post body:
{
“username”: “{{username}}”,
“password”: “{{password}}”,
“options”: {
“multiOptionalFactorEnroll”: false,
“warnBeforePasswordExpired”: false
}
}
Get CODE by using sessionToken from step 1: {{url}}/oauth2/v1/authorize?client_id={{clientId}}&response_type=code&response_mode=query&scope={{scopes}}&redirect_uri={{redirectUri}}&state=testSTATE1&nonce={{$guid}}&sessionToken={{sessionToken}}&code_challenge=SkNfsVeQqEkR-yFPANbPIHIdzZRbJVMy9KP6idjLtPo&code_challenge_method=S256
Get ID Token with Code and PKCE. And I got 403 response at this stage
a. POST to {{url}}/oauth2/v1/token
b. Request header:
Accept: application/json
User-Agent: PostmanRuntime/7.24.1
Cache-Control: no-cache
Postman-Token: 683e95d3-9fca-43b8-a8b4-073ab6ad70b0
Host: dev-183482.okta.com
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 294
Cookie: t=default; DT=DI0P0baP1OQTe-N9iX2LgaIpw; proximity_5c040d49b336c83244cceef329fba387=6BR79x3gGpN7tSI9YDcIIWUHa8Fe0jqz/+2xHuJqGZ9AprRZZ3KV/t00sgZOHdz3tKqQBfHjH8pOEwH5R/IK6bSuLJOm/bFa0ByYRUZQu1UcPyMO7eeM4H16fcfNN9spnfXJRqP5+donbL0JoEo+9hsrNeStTtCt3MeS7OdoAG9dbqzoG+F2t0ObnD1ShZM4; JSESSIONID=5BE5A7B29F68ECB143E26902D529D8C2; sid=102ZhtzfcTIS_G24M9CG_yEmg

c. Request body:
grant_type: “authorization_code”
client_id: “0oacnnw02Z22ZsxUT4x6”
redirect_uri: “http://localhost:8080/implicit/callback”
code: “8EMzAtFbuJFtBJwPKVWv”
code_verifier: “4EE_utEnDfyPnbyaVmGT6Jw.1SDupKnS6FeFozdV2E7HC8sdRWiXp~PsXoiRK4w5jHQsaxPRtjkWlL_AhOBRRstqCjAx9n1F4o~a-sWhsbUmgrBHjaYBKhkOrGRB5.xC”

Anyone could help?

mraible · May 21, 2020, 12:50pm

Are you making these calls manually? What framework are you using? Our SDKs might be able to make this a lot easier for you. In the meantime, this blog post might help.

vijet · May 21, 2020, 4:52pm

Quoting @andrea from a previous question

Please clear your cookies and try again. It should work.

julian · May 21, 2020, 11:28pm

Thanks guys! Clearing cookie did the magic.

system · January 24, 2024, 7:38pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.

Post		Replies	Views
PKCE token without a browser returns 405 for GET (following tutorial from support) Questions	4	3356	October 9, 2021
Auth flow to get token for validating deployed API (PKCE) Questions	6	3621	February 6, 2024
Okta PKCE with Postman API Automation OAuth/OIDC	4	2217	February 15, 2024
Unable to use PKCE auth when creating a SPA application Questions	2	3197	July 4, 2021
Authorization Code Flow with PKCE using Angular SPA in IE 11 gives 403 when requesting token Questions	10	5683	September 9, 2020

SPA Application get access token with code and PKCE got 403 response

Related topics