The access token is invalid

Questions
1

I’m very much a newbie when it comes to Okta, so I’m possibly missing something very basic. I’m trying to access the Okta API within a React application.

I’ve started from this sample:

And have got it working as expected. I’ve then modified the Home page to call the Users API by adding the following code within the useEffect:

fetch("https://xlio.okta.com/api/v1/users/me", {
  headers: {
    Authorization: 'Bearer ' + authState.accessToken,
  }
}).then(value => console.log(value));

I’ve confirmed that the okta.users.read.self scope is granted for the application that I’ve created within the Okta admin UI.

The above code results in a 401 error, with the message “The access token is invalid.”

I suspect I’m missing something very basic, but am not sure what it might be. I would greatly appreciate a pointer in the right direction, or hints as to how to debug this.

Thanks!

2

Hi, two things you should probably check are that:

  1. You are requesting the okta.users.read.self scope in your authorize request and that the token itself contains this scope
  2. The token was minted by the Org Authorization Server and not a Custom Authorization Server (https://developer.okta.com/docs/concepts/auth-servers/#org-authorization-server). The sample that you linked to is using a Custom Authorization Server.
1 Like
3

Thanks @dzeller.

I wasn’t requesting the okta.users.read.self self scope in the authorize request, but doing so doesn’t change the behaviour that I’m seeing :frowning:. How would I check “that the token itself contains this scope”?

I believe that I’m using the Org Authorization Server. My org is called “xlio” and I’ve set ISSUER to https://xlio.okta.com/oauth2/default in the testenv file.

4

@paulbutcher that would be the issuer of a Custom Auth Server (specifically the default one). The Org Authorization Server’s issuer would just be https://xlio.okta.com
See https://developer.okta.com/docs/guides/implement-oauth-for-okta/overview/ for more information on using scoped tokens intended for Okta

5

Ah! I think the penny’s just dropped. Thank you!

6

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.