Unable to generate Access Token for my application using Postman

Hi Team
I am new to OKTA and following the instruction in the below link and stuck at
Step 3. Exchanging the Code for Tokens

I am using Postman for the API request. and getting the following Error
{
“error”: “invalid_client”,
“error_description”: “Browser requests to the token endpoint must use Proof Key for Code Exchange.”
}

I am sending clientId and client Secret in base 64 encoded separated by :(collon).
Please Help.

Hi @akshdeep

Starting with version 2019.03.2 in preview and 2019.04.0 in production, Okta supports authorization code flow with PKCE client-side. This means that the authorization code and code verifier can be sent through browser requests to the /token endpoint of the authorization server. Any other OIDC flow would need to have the request to /token endpoint done through server side.

The difference between client side requests and server side requests on /token endpoint is done by checking for “Origin” header, if the header is present, then the request is client-side.

In Postman, this issue usually occurs when you are using the browser plugin instead of the native application. The browser plugin Postman is sending automatically an Origin header containing “file://” and the application’s ID.

Can you please download the native version of Postman from here and try again?

Ahhhh!! spend a lot of time on that error…
Thanks a lot
One more thing i would like to ask is that can i also get the Email ID along with access token?

Thanks

Hi @akshdeep

If you have API Access Management feature enabled on your Okta org, you can create a custom claim as mentioned here to add the email value inside the access token.

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.