Hi,
I am trying to make a POST call to /token after authorization is done and I have received the authorization code.
First, I have a web application with a client_id and a client secret.
Here is my app in Okta.
Second, I make the /authorize call:
https://{domain}.oktapreview.com/oauth2/auspx13uvj6eHSM9c0h7/v1/authorize?client_id=0oar5j158zAyMnxxxxxxxx&state=evauth&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2Fsignin-oidc&scope=openid%20groups%20profile%20email&nonce=evnonce&response_type=code
Third, I receive the code in the redirect URI:
http://localhost:5000/signin-oidc?code=uugmS_dIOdvk14rk5PGb&state=evauth
Now I am trying to get the token by calling:
https://{domain}.oktapreview.com/oauth2/auspx13uvj6eHSM9c0h7/v1/token?grant_type=authorization_code&redirect_uri=http://localhost:5000/signin-oidc&code=feo2Rf8NW6Jr0HXZtQad&client_id=0oar5j158zAyMnrIO0h7
In the documentation (OpenID Connect & OAuth 2.0 API | Okta Developer), client_id is not a required parameter.
If I don't pass it in, I get the following error:
"errorCode": "invalid_client",
"errorSummary": "Invalid value for 'client_id' parameter.",
"errorLink": "invalid_client",
"errorId": "oaeOHRRhicyTY6Vo3VKIBFvvQ",
"errorCauses":
If I pass it in, I get the following error:
"error": "invalid_client",
"error_description": "Client authentication failed. Either the client or the client credentials are invalid."
Also, my application has a client_secret. Do I need to pass it as well? If I do, I get the following error:
"error": "invalid_grant",
"error_description": "The authorization code is invalid or has expired."
Any idea what's going on? Am I passing the request correctly? I set the Content-Type to application/x-www-form-urlencoded.
Any help is appreciated.
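
The authorization-code exchange described in the post, written out as an added example (not part of the original post and not Okta's own code). It checks `state` on the callback, then builds the RFC 6749 token request as a POST with the parameters in the form body and the client credentials in an HTTP Basic header, so that neither the code nor the secret appears in a URL. The issuer URL, client id and client secret are constructed placeholders, and the request is built but not sent.

```python
import base64
import hmac
import urllib.parse
import urllib.request

# Constructed placeholder values (assumptions, not taken from a real tenant).
TOKEN_URL = "https://example.oktapreview.com/oauth2/EXAMPLE_AUTH_SERVER/v1/token"
REDIRECT_URI = "http://localhost:5000/signin-oidc"
CLIENT_ID = "EXAMPLE_CLIENT_ID"
CLIENT_SECRET = "EXAMPLE_CLIENT_SECRET"


def code_from_callback(callback_url, expected_state):
    """Return the authorization code after checking the state value."""
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(callback_url).query)
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    state = query.get("state", [""])[0]
    # Constant-time compare; a mismatch means the response is not ours (CSRF).
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]


def build_token_request(code):
    """Build (not send) the RFC 6749 section 4.1.3 token request."""
    # Parameters go in the form-encoded POST body, never in the query string.
    body = urllib.parse.urlencode({
        "grant_type": "authorization_code",
        "code": code,                  # single use: exchange it once, promptly
        "redirect_uri": REDIRECT_URI,  # must equal the /authorize value
    }).encode("ascii")
    # client_secret_basic (RFC 6749 section 2.3.1): form-encode, then base64.
    pair = urllib.parse.quote_plus(CLIENT_ID) + ":" + urllib.parse.quote_plus(CLIENT_SECRET)
    basic = base64.b64encode(pair.encode("ascii")).decode("ascii")
    return urllib.request.Request(TOKEN_URL, data=body, method="POST", headers={
        "Authorization": "Basic " + basic,
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
    })
```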