The access token is invalid

paulbutcher · April 15, 2020, 5:16pm

I’m very much a newbie when it comes to Okta, so I’m possibly missing something very basic. I’m trying to access the Okta API within a React application.

I’ve started from this sample:

And have got it working as expected. I’ve then modified the Home page to call the Users API by adding the following code within the useEffect:

fetch("https://xlio.okta.com/api/v1/users/me", {
  headers: {
    Authorization: 'Bearer ' + authState.accessToken,
  }
}).then(value => console.log(value));

I’ve confirmed that the okta.users.read.self scope is granted for the application that I’ve created within the Okta admin UI.

The above code results in a 401 error, with the message “The access token is invalid.”

I suspect I’m missing something very basic, but am not sure what it might be. I would greatly appreciate a pointer in the right direction, or hints as to how to debug this.

Thanks!

dzeller · April 15, 2020, 5:49pm

Hi, two things you should probably check are that:

You are requesting the okta.users.read.self scope in your authorize request and that the token itself contains this scope
The token was minted by the Org Authorization Server and not a Custom Authorization Server (https://developer.okta.com/docs/concepts/auth-servers/#org-authorization-server). The sample that you linked to is using a Custom Authorization Server.

paulbutcher · April 15, 2020, 6:09pm

Thanks @dzeller.

I wasn’t requesting the okta.users.read.self self scope in the authorize request, but doing so doesn’t change the behaviour that I’m seeing . How would I check “that the token itself contains this scope”?

I believe that I’m using the Org Authorization Server. My org is called “xlio” and I’ve set ISSUER to https://xlio.okta.com/oauth2/default in the testenv file.

dzeller · April 15, 2020, 9:42pm

@paulbutcher that would be the issuer of a Custom Auth Server (specifically the default one). The Org Authorization Server’s issuer would just be https://xlio.okta.com
See https://developer.okta.com/docs/guides/implement-oauth-for-okta/overview/ for more information on using scoped tokens intended for Okta

paulbutcher · April 16, 2020, 9:32am

Ah! I think the penny’s just dropped. Thank you!

system · January 23, 2024, 11:14pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.

Post		Replies	Views
Authorizing Okta scopes: invalid scope error Questions	4	6881	January 21, 2022
How to access the users data using API? Questions	6	7026	July 12, 2021
Unable to access rest apis Questions	8	4333	February 17, 2021
Problem with Fetching List of Users via API OAuth/OIDC	11	1900	February 16, 2024
Getting 401 after using access token Questions	5	6404	June 19, 2020

The access token is invalid

Related topics