The endpoint does not support the provided HTTP method

curl -v -X POST -H “Content-type:application/x-www-form-urlencoded” "” "client_id=0oa12q40pQWdEa9BX4x6&client_secret=5epLPZHmXamAc_znFgmkSGa1KAaORD2nU9hqwUYR&grant_type=authorization_code&redirect_uri=http://localhost:8080/content-catalog/login&code=l4pfjvskiaogqrjh0mje”.
This is the url I am trying to hit.But constantly getting the error :{“errorCode”:“E0000022”,“errorSummary”:“The endpoint does not support the provided HTTP method”,“errorLink”:“E0000022”,“errorId”:“oaeQcGqhUcWT7asditRk6CDNw”,“errorCauses”:[]}.

Can anyone help me with this?

Do you specify an authorization header?

Can you try formatting your curl request like this (from this guide):

curl --request POST \
  --url https://${yourOktaDomain}/oauth2/default/v1/token \
  --header 'accept: application/json' \
  --header 'authorization: Basic MG9hY...' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data 'grant_type=authorization_code&redirect_uri=http%3A%2F%2Flocalhost%3A8080&code=P59yPm1_X1gxtdEOEZjn'
1 Like

Ummm.No .I dont.Do I need to do that?what is can you share the format?

I have now added the authirisation header.
I had to convert the client id and secret into base64 .Following is the new request-

curl --location --request POST ‘
–header ‘Accept: application/json’
–header ‘Content-type: application/x-www-form-urlencoded’
–header ‘Authorization: Basic MG9hMTJxNDBwUVdkRWE5Qlg0eDY6NWVwTFBaSG1YYW1BY196bkZnbWtTR2ExS0FhT1JEMm5VOWhxd1VZUg==’
–data-urlencode ‘grant_type=authorization_code’
–data-urlencode ‘redirect_uri=http://localhost:8080/content-catalog/login’
–data-urlencode ‘code=jmnfp2shpipnplzexbur’.

But ,now the error is {
“error”: “invalid_grant”,
“error_description”: “The authorization code is invalid or has expired.”
The code is new (<60 seconds) and not even logged(definitely not used) into the portal.
Why is it invalid then?

Can you ensure that you’re using the same Authorization Server and clientId in your /authorize request, with the URL looking like this:

Also, keep in mind that you can only use the code once, so any subsequent calls to the /token endpoint with the same code will result in an error