Unable to generate Access Token for my application using Postman

Hi Team
I am new to OKTA and following the instruction in the below link and stuck at
Step 3. Exchanging the Code for Tokens

I am using Postman for the API request. and getting the following Error
“error”: “invalid_client”,
“error_description”: “Browser requests to the token endpoint must use Proof Key for Code Exchange.”

I am sending clientId and client Secret in base 64 encoded separated by :(collon).
Please Help.


Hi @akshdeep

Starting with version 2019.03.2 in preview and 2019.04.0 in production, Okta supports authorization code flow with PKCE client-side. This means that the authorization code and code verifier can be sent through browser requests to the /token endpoint of the authorization server. Any other OIDC flow would need to have the request to /token endpoint done through server side.

The difference between client side requests and server side requests on /token endpoint is done by checking for “Origin” header, if the header is present, then the request is client-side.

In Postman, this issue usually occurs when you are using the browser plugin instead of the native application. The browser plugin Postman is sending automatically an Origin header containing “file://” and the application’s ID.

Can you please download the native version of Postman from here and try again?

Ahhhh!! spend a lot of time on that error…
Thanks a lot
One more thing i would like to ask is that can i also get the Email ID along with access token?


Hi @akshdeep

If you have API Access Management feature enabled on your Okta org, you can create a custom claim as mentioned here to add the email value inside the access token.