Front End:
okta.oauth2.issuer={my_url};okta.oauth2.client-id={my_client_id}
Resource Server:
okta.oauth2.issuer={my_url}
Client configuration:
AppType=Web,
AuthCode grant type is checked
User Consent is checked
All URIs set to http://localhost:8080 - the FrontEnd URL
Started both apps. When I enter my credentials and hit sign in, https://dev-xxx.okta.com/oauth2/default/v1/token fails with 401:
{"error":"invalid_client","error_description":"Client authentication failed. Either the client or the client credentials are invalid."}
I have verified that the client-id is correct but cannot find the location where the /token call is made from. It looks like the auth_code grant type is being used.
Readme
The repo instructions do not mention setting the client-secret.
I see that the /v1/token request is made from within global.oktacdn.com/okta-signin-widget/5.2.0/js/okta-sign-in.min.js
It doesn’t seem to be passing the client-secret, which I believe is required to exchange the auth_code for a token. Correct?
Form Data contains [client_id, redirect_uri, grant_type=authorization_code, code_verifier, code]
I tried setting another environment variable for the client-secret (on the frontend). No change - still fails with a 401.
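Added example, not part of the original post or of the sample repo: a small Python check that takes a captured token request body with the fields listed in the Form Data above and reports which client-authentication method it carries and whether it includes a PKCE code_verifier. The function name, the sample client id and the sample code and verifier values are constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# RFC 7636 section 4.1: code_verifier is 43-128 chars from the unreserved set.
VERIFIER_RE = re.compile(r"^[A-Za-z0-9\-._~]{43,128}$")


def classify_token_request(body, authorization_header=None):
    """Report the grant and client-authentication method of a token request.

    body is the application/x-www-form-urlencoded POST body;
    authorization_header is the Authorization request header, if one was sent.
    """
    form = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    if authorization_header and authorization_header.lower().startswith("basic "):
        client_auth = "client_secret_basic"   # secret sent in the HTTP header
    elif "client_secret" in form:
        client_auth = "client_secret_post"    # secret sent in the form body
    elif "client_assertion" in form:
        client_auth = "client_assertion"      # signed JWT instead of a secret
    else:
        client_auth = "none"                  # client is identified, not authenticated
    verifier = form.get("code_verifier")
    return {
        "grant_type": form.get("grant_type"),
        "client_auth": client_auth,
        "pkce": verifier is not None,
        "verifier_well_formed": bool(verifier and VERIFIER_RE.match(verifier)),
        # Authorization code + PKCE with no client credentials at all.
        "public_client_request": client_auth == "none" and verifier is not None,
    }


# Constructed sample body using the same field names as the Form Data above.
SAMPLE_BODY = (
    "client_id=0oaEXAMPLECLIENTID"
    "&redirect_uri=http%3A%2F%2Flocalhost%3A8080"
    "&grant_type=authorization_code"
    "&code_verifier=" + "a" * 43 +
    "&code=EXAMPLE_CODE"
)

if __name__ == "__main__":
    for key, value in classify_token_request(SAMPLE_BODY).items():
        print(f"{key}: {value}")
```
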