Unable to access users endpoint using Client credential grant flow

Questions
#1

Hi Okta Expert,

I am trying to access an /users endpoint with bearer token.
To create an access token i am using client credential flow which is mentioned in the below document. Overview | Okta Developer

Access token gets created successfully using below request

curl --location --request POST 'https://demo.okta.com/oauth2/default/v1/token' \
--header 'Accept: application/json' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic d0TlEzNTc6NTVoRV9SMUE1aHVVTEhzblduWkhSUVhCdlNKM3JrRjRqQ1N3Skg0OQ==' \
--header 'Cookie: DT=DI0leFfJI65RjiE6MwbPmTFqg; JSESSIONID=487ED3C0D352A99CD31EBA99930ADA07' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'scope=custom'

But when i execute GET on /users endpoint it is throwing an 401 unauthorize error.

As per the document i had created an custom scope in custom authorization server and granted okta.users.read scope to application.

Can any one please help me here.

#2

You must use the built-in Org Authorization Server to get tokens to use against Okta APIs with the Okta API scopes. You do not need to create any custom scopes for this purpose as these scopes are created for you on the un-customizable Org Authorization Server.

I recommend checking out the guide we have for how to create a Service app (which uses Client Credentials flow) to get these tokens.