I’m very new to Okta. I’ve been following the tutorial for an SPA using React, implementing Login/Logout functionality. It works fine.
The issue I’m facing is when I’m trying to hit endpoints using Postman. I am able to hit the /authorize endpoint and get the access_code and id_token. I’m able to hit /userinfo as well. But when I try to hit any of the https://${yourOktaDomain}/api/v1/ endpoints. Whenever I do, I get Status 400, and checking the logs in Postman, this is what’s returned in the Response Header:
www-authenticate: Bearer authorization_uri="http://${yourOktaDomain}/oauth2/v1/authorize", realm="http://${yourOktaDomain}", scope="okta.myAccount.read", error="invalid_request", error_description="The authorization server id is invalid.", resource="/api/v1/myaccount"
I think the issue is with authorization_uri, as I believe it should be /oauth2/default/v1/authorize
It’s missing the authorization server ID, i.e. “default” in this case. Is that correct?
If so, any idea how to fix that? I’m sure there might be a configuration step I’m missing. Any help is appreciated.
@him89088 Hi,
Please check the doc for the authorization server types.
It depends on whether you have access to a custom authorization server (including the default custom and other custom authorization servers): Authorization Servers | Okta Developer. To verify that, you can check whether you have access to the metadata:
xxxx/.well-known/openid-configuration
If you do not have access, you can only use the Okta org server: Authorization Servers | Okta Developer
I’m using the Default Custom Authorization Server. And when I hit the /.well-known/openid-configuration endpoint, I get Status 200 response, along with the metadata object.
Yes @andrea I am getting the 400 error with all the /api/v1/ endpoints. I am following the steps in the link you provided through Postman. I am able to get the token, and set it as well. I am just not able to hit any /api/v1/ endpoints.
First off, if you are using OAuth for Okta, you need to use the Org authorization server when requesting tokens to send back to Okta, e.g. https://org.okta.com/.well-known/openid-configuration. Confusingly, this is different from the one we call “Default,” so make sure you’re using the right one! At this time, custom authorization servers (like Default) are incompatible with OAuth for Okta and Access Tokens issued by these servers cannot be used against Okta’s own management endpoints.
Second, when you do use the Org server, what scopes are you requesting?
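The two checks the last reply asks for (which server issued the token, and which scopes it carries) can be done locally before a token is sent to an /api/v1/ endpoint. The script below is an added example written for this thread; it is not code from Okta or from any participant. It assumes a placeholder org domain and client id, builds two constructed sample tokens with dummy signatures (one from the Default custom authorization server, one from the org server), and parses the WWW-Authenticate challenge quoted in the question. Claim names (iss, scp, exp, cid) are the ones Okta puts in access tokens; the signature is deliberately not verified, so this is a diagnostic, not an authorization check.

```python
"""Added example (not from the Okta forum thread or from Okta's SDKs).

Shows why a token from /oauth2/default fails against /api/v1/ while a token
from the org authorization server works:
  1. the org server's issuer is the bare org URL (no /oauth2/... path), and
  2. the token must carry the okta.* scope the endpoint requires.
All domains, client ids and tokens below are constructed placeholders.
"""
import base64
import hashlib
import json
import re
import time
from typing import Dict, List, Optional
from urllib.parse import urlencode

ORG_URL = "https://dev-123456.okta.com"   # placeholder org domain (assumption)
CLIENT_ID = "0oa0placeholder"             # placeholder client id (assumption)
NOW = 1_700_000_000                       # fixed clock so the sample tokens never expire


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_jwt_claims(token: str) -> Dict:
    """Return the payload claims WITHOUT checking the signature.
    Good enough to answer 'which server issued this?', never for trust decisions."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def check_token_for_okta_api(token: str, org_url: str,
                             required_scopes: List[str],
                             now: Optional[float] = None) -> List[str]:
    """Return a list of problems; an empty list means the token looks usable
    for an /api/v1/ call (subject to server-side signature verification)."""
    now = time.time() if now is None else now
    org = org_url.rstrip("/")
    claims = decode_jwt_claims(token)
    problems: List[str] = []
    iss = claims.get("iss", "")
    if iss != org:
        if iss.startswith(org + "/oauth2/"):
            # e.g. https://org/oauth2/default: a custom authorization server,
            # whose tokens Okta's own management API does not accept.
            problems.append(f"issued by custom authorization server {iss}; "
                            f"OAuth for Okta requires the org server {org}")
        else:
            problems.append(f"unexpected issuer {iss!r}")
    missing = sorted(set(required_scopes) - set(claims.get("scp", [])))
    if missing:
        problems.append("missing scopes: " + ", ".join(missing))
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    return problems


def org_server_authorize_url(org_url: str, client_id: str, redirect_uri: str,
                             scopes: List[str], state: str, nonce: str,
                             code_verifier: str) -> str:
    """Authorization request against the ORG server: /oauth2/v1/authorize,
    not /oauth2/default/v1/authorize. PKCE S256 as an SPA or Postman would use."""
    challenge = _b64url_encode(hashlib.sha256(code_verifier.encode()).digest())
    params = {"client_id": client_id, "response_type": "code",
              "scope": " ".join(scopes), "redirect_uri": redirect_uri,
              "state": state, "nonce": nonce,
              "code_challenge": challenge, "code_challenge_method": "S256"}
    return f"{org_url.rstrip('/')}/oauth2/v1/authorize?" + urlencode(params)


def parse_www_authenticate(header: str) -> Dict[str, str]:
    """Extract key="value" pairs from a Bearer challenge like the one in the question."""
    return dict(re.findall(r'(\w+)="([^"]*)"', header))


def make_sample_token(claims: Dict) -> str:
    """Structurally valid JWT with a dummy signature (constructed test data only)."""
    header = _b64url_encode(json.dumps({"alg": "RS256", "kid": "sample"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.{_b64url_encode(b'not-a-real-signature')}"


# Constructed sample tokens: the first mimics what the Default custom server
# issues, the second what the org server issues for an OAuth-for-Okta client.
CUSTOM_SERVER_TOKEN = make_sample_token({
    "iss": ORG_URL + "/oauth2/default", "aud": "api://default", "cid": CLIENT_ID,
    "scp": ["openid", "profile"], "exp": NOW + 3600})
ORG_SERVER_TOKEN = make_sample_token({
    "iss": ORG_URL, "aud": ORG_URL, "cid": CLIENT_ID,
    "scp": ["okta.myAccount.read", "okta.users.read"], "exp": NOW + 3600})

# The challenge header quoted in the question, copied verbatim.
WWW_AUTHENTICATE = ('Bearer authorization_uri="http://${yourOktaDomain}/oauth2/v1/authorize", '
                    'realm="http://${yourOktaDomain}", scope="okta.myAccount.read", '
                    'error="invalid_request", error_description="The authorization server id is invalid.", '
                    'resource="/api/v1/myaccount"')

if __name__ == "__main__":
    for name, tok in (("custom", CUSTOM_SERVER_TOKEN), ("org", ORG_SERVER_TOKEN)):
        print(name, check_token_for_okta_api(tok, ORG_URL, ["okta.myAccount.read"], now=NOW) or "ok")
    print(parse_www_authenticate(WWW_AUTHENTICATE)["error_description"])
    print(org_server_authorize_url(ORG_URL, CLIENT_ID, "http://localhost:8080/callback",
                                   ["okta.myAccount.read"], "st", "nc", "verifier-placeholder"))
```

Running it reports the custom-server token as unusable for two reasons (wrong issuer, missing okta.* scope) and the org-server token as fine; the parsed challenge shows that the error text "The authorization server id is invalid." is the server rejecting the /oauth2/default issuer, and the generated authorize URL is the one to paste into Postman instead of the Default server's.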