The token provided has insufficient scope [bonus_api] for this request

Hi all,

I am trying to get a token from okta with client credentials and trying to validate that token in java application.

I created a web application on okta.

I created a custom scope.

I got a token with Postman with client credentials.

But when I try to validate that token in java I get this error.
Code : 403
www-authenticate: Bearer error=“insufficient_scope”, error_description=“The token provided has insufficient scope [bonus_api] for this request”, error_uri=“”, scope=“bonus_api”

Here is my java configuration.

    grantType: client_credentials
    clientId: 0oah1zm05Y7BinmIS356
    clientSecret: xxxxxxxxxxxxx
    rolesClaim: groups
    scope: bonus_api

My pom.xml


What can be the problem? Is my java configuration wrong?

Thanks in advance.

Any difference if you also include openid scope:

scope: openid bonus_api

Unfortunately no difference

What are the required scopes in your access policy? That may be where validation is failing.

It was my mistake. In SecurityConfig I was trying to check If token had a particular role, group etc.


But when I got token with client credentials there was no role, group etc.

So I changed my code like this and it worked.

1 Like