The access token is invalid

I’m very much a newbie when it comes to Okta, so I’m possibly missing something very basic. I’m trying to access the Okta API within a React application.

I’ve started from this sample:

And have got it working as expected. I’ve then modified the Home page to call the Users API by adding the following code within the useEffect:

fetch("", {
  headers: {
    Authorization: 'Bearer ' + authState.accessToken,
}).then(value => console.log(value));

I’ve confirmed that the scope is granted for the application that I’ve created within the Okta admin UI.

The above code results in a 401 error, with the message “The access token is invalid.”

I suspect I’m missing something very basic, but am not sure what it might be. I would greatly appreciate a pointer in the right direction, or hints as to how to debug this.


Hi, two things you should probably check are that:

  1. You are requesting the scope in your authorize request and that the token itself contains this scope
  2. The token was minted by the Org Authorization Server and not a Custom Authorization Server ( The sample that you linked to is using a Custom Authorization Server.

Thanks @dzeller.

I wasn’t requesting the self scope in the authorize request, but doing so doesn’t change the behaviour that I’m seeing :frowning:. How would I check “that the token itself contains this scope”?

I believe that I’m using the Org Authorization Server. My org is called “xlio” and I’ve set ISSUER to in the testenv file.

@paulbutcher that would be the issuer of a Custom Auth Server (specifically the default one). The Org Authorization Server’s issuer would just be
See for more information on using scoped tokens intended for Okta

Ah! I think the penny’s just dropped. Thank you!