I have now added the authirisation header.
I had to convert the client id and secret into base64 .Following is the new request-
curl --location --request POST ‘https://dev-977966.okta.com/oauth2/default/v1/token’
–header ‘Accept: application/json’
–header ‘Content-type: application/x-www-form-urlencoded’
–header ‘Authorization: Basic ********************’
–data-urlencode ‘grant_type=authorization_code’
–data-urlencode ‘redirect_uri=http://localhost:8080/content-catalog/login’
–data-urlencode ‘code=jmnfp2shpipnplzexbur’.
But ,now the error is {
“error”: “invalid_grant”,
“error_description”: “The authorization code is invalid or has expired.”
}.
The code is new (<60 seconds) and not even logged(definitely not used) into the developer.okta.com portal.
Why is it invalid then?