Trouble calling /token

I am trying to make a post call to get the /token after authorization is done and I received the authorization code

first I have a web application with client_id and a client secret
here is my app in OKTA

second I make the /authorize call


third I receive the code in the redirect uri


Now I am trying to get the token by calling

In the documentation ( client_id is not required parameter
If I don’t pass it in I get the following error

“errorCode”: “invalid_client”,
“errorSummary”: “Invalid value for ‘client_id’ parameter.”,
“errorLink”: “invalid_client”,
“errorId”: “oaeOHRRhicyTY6Vo3VKIBFvvQ”,
“errorCauses”: []

if I pass it in I get the following error

“error”: “invalid_client”,
“error_description”: “Client authentication failed. Either the client or the client credentials are invalid.”

also my application has a client_secret do I need to pass it as well? and if I do I get the following error:

“error”: “invalid_grant”,
“error_description”: “The authorization code is invalid or has expired.”

Any idea what’s going on… am I passing the request correctly I set the Content-Type to application/x-www-form-urlencoded

any help is appreciated.

the /token call requires authentication in this flow and this looks to be missing from your setup based on the available details.
please take a look at the guide on implementing the authorization code flow at to see all the needed parts in this configuration