For an internal trusted product, we want to use the Resource Owner Password flow as described here: https://developer.okta.com/docs/guides/implement-password/use-flow.
POST https://dev-....oktapreview.com/oauth2/default/v1/token
Accept: application/json
Authorization: Basic MG9hdz... // base64(clientid:clientsecret)
Content-Type: application/x-www-form-urlencoded
grant_type=password
&username=...
&password=...
&scope=openid
Unfortunately, I get the following error message saying the grant_type is not supported:
{
  "error": "unsupported_grant_type",
  "error_description": "The authorization grant type is not supported by the authorization server. Configured grant types: [authorization_code, password]."
}
Is there a problem in the API, or am I using the call incorrectly? Under "Allowed grant types", "Resource Owner Password" is set in the application, and client authentication is set to use client credentials.
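
An added example, not part of the original post and not Okta's code: it builds the token request shown above as a single form-encoded body with an RFC 6749 Basic client header, then parses the quoted error response to compare the grant type that was sent with the list the server printed. The function names and the client id, secret, username and password are constructed placeholders.

```python
import base64
import json
import re
from urllib.parse import parse_qs, quote_plus, urlencode


def build_password_grant(client_id, client_secret, username, password, scope="openid"):
    """Return (headers, body) for an RFC 6749 section 4.3 token request."""
    # RFC 6749 section 2.3.1: form-encode id and secret before the Basic base64 step.
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    headers = {
        "Accept": "application/json",
        "Authorization": "Basic " + base64.b64encode(pair.encode()).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    # The body is one line; urlencode escapes characters such as & or = in a password.
    body = urlencode({"grant_type": "password", "username": username,
                      "password": password, "scope": scope})
    return headers, body


def diagnose(body, response_text):
    """Compare the grant_type that was sent with what the error response lists."""
    sent = parse_qs(body)["grant_type"][0]
    resp = json.loads(response_text)
    # Message format as quoted in the post: "Configured grant types: [a, b]."
    m = re.search(r"Configured grant types: \[([^\]]*)\]", resp.get("error_description", ""))
    configured = [g.strip() for g in m.group(1).split(",")] if m else []
    return {"error": resp.get("error"), "sent": sent,
            "configured": configured, "sent_is_listed": sent in configured}


# Constructed sample values, not real credentials.
HEADERS, BODY = build_password_grant("0oaEXAMPLE", "s3cr+t/&", "user@example.com", "p&ss w=rd")
# Error response as quoted in the post above.
ERROR = json.dumps({
    "error": "unsupported_grant_type",
    "error_description": "The authorization grant type is not supported by the "
                         "authorization server. Configured grant types: "
                         "[authorization_code, password].",
})

if __name__ == "__main__":
    print(BODY)
    print(diagnose(BODY, ERROR))
```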