Hi Team
I am new to OKTA and following the instruction in the below link and stuck at
Step 3. Exchanging the Code for Tokens
I am using Postman for the API request and getting the following error:
{
"error": "invalid_client",
"error_description": "Browser requests to the token endpoint must use Proof Key for Code Exchange."
}
I am sending the client ID and client secret base64 encoded, separated by a colon (:).
Please help.
Starting with version 2019.03.2 in preview and 2019.04.0 in production, Okta supports the authorization code flow with PKCE client-side. This means that the authorization code and code verifier can be sent through browser requests to the /token endpoint of the authorization server. Any other OIDC flow needs to have the request to the /token endpoint done server side.
The difference between client-side requests and server-side requests on the /token endpoint is determined by checking for the "Origin" header: if the header is present, the request is treated as client-side.
In Postman, this issue usually occurs when you are using the browser plugin instead of the native application. The Postman browser plugin automatically sends an Origin header containing "file://" and the application's ID.
Can you please download the native version of Postman from here and try again?
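To make the answer above concrete, here is an added example (not code from this thread or from Okta) showing both sides of the exchange in Python: generating an RFC 7636 code_verifier/code_challenge pair, building the /authorize URL and the /token request body for a browser (PKCE) client, building the Basic auth header a confidential client uses instead, and a small check that mirrors the rule the answer describes (a request with an Origin header and no code_verifier is rejected). The issuer, client ID and redirect URI are placeholders, and the check is an illustration of the described behaviour, not Okta's implementation.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode

# Constructed placeholder values; take the real ones from your Okta org and app settings.
OKTA_ISSUER = "https://example.okta.com/oauth2/default"  # assumption: default authorization server
CLIENT_ID = "0oaEXAMPLECLIENTID"                          # placeholder
REDIRECT_URI = "http://localhost:8080/callback"           # placeholder


def make_code_verifier(nbytes: int = 32) -> str:
    """RFC 7636 code_verifier: 43-128 unreserved characters.
    base64url of 32 random bytes (padding stripped) is exactly 43 characters."""
    return base64.urlsafe_b64encode(secrets.token_bytes(nbytes)).rstrip(b"=").decode("ascii")


def make_code_challenge(verifier: str) -> str:
    """S256 challenge: base64url(SHA-256(verifier)) without '=' padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def authorize_url(verifier: str, state: str, nonce: str) -> str:
    """Step 1: the browser is redirected here. Only the challenge travels to /authorize;
    the verifier stays in the client until the token exchange."""
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "scope": "openid profile email",
        "redirect_uri": REDIRECT_URI,
        "state": state,
        "nonce": nonce,
        "code_challenge": make_code_challenge(verifier),
        "code_challenge_method": "S256",
    }
    return f"{OKTA_ISSUER}/v1/authorize?{urlencode(params)}"


def pkce_token_request_body(code: str, verifier: str) -> dict:
    """Step 3 for a browser client: POST this form body to /token.
    No client_secret is sent; possession of the verifier proves the client started the flow."""
    return {
        "grant_type": "authorization_code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "code": code,
        "code_verifier": verifier,
    }


def basic_auth_header(client_id: str, client_secret: str) -> str:
    """What the original poster was sending: HTTP Basic auth for a confidential (server-side) client.
    Valid only when the request does not look like a browser request."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def verify_pkce(stored_challenge: str, verifier: str) -> bool:
    """Server side: recompute the challenge from the presented verifier and compare in constant time."""
    return hmac.compare_digest(make_code_challenge(verifier), stored_challenge)


def check_token_request(headers: dict, body: dict) -> str:
    """Illustration of the rule described in the answer (not Okta's code):
    an Origin header marks the request as browser-side, and browser-side requests must carry PKCE."""
    is_browser = any(name.lower() == "origin" for name in headers)
    if is_browser and "code_verifier" not in body:
        return "invalid_client: Browser requests to the token endpoint must use Proof Key for Code Exchange."
    return "ok"


if __name__ == "__main__":
    verifier = make_code_verifier()
    print(authorize_url(verifier, state=secrets.token_urlsafe(16), nonce=secrets.token_urlsafe(16)))
    # Postman's browser plugin adds an Origin header, so a client_secret-only request is rejected:
    print(check_token_request({"Origin": "file://"}, {"client_id": CLIENT_ID}))
    # The same request with a code_verifier, or without an Origin header, passes the check:
    print(check_token_request({"Origin": "file://"}, pkce_token_request_body("CONSTRUCTED_CODE", verifier)))
    print(check_token_request({"Authorization": basic_auth_header(CLIENT_ID, "placeholder-secret")},
                              {"client_id": CLIENT_ID}))
```

The RFC 7636 test vector (verifier dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk, challenge E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM) is a convenient way to confirm make_code_challenge before wiring it into a real client.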
Ahhhh!! I spent a lot of time on that error...
Thanks a lot.
One more thing I would like to ask: can I also get the email ID along with the access token?
If you have the API Access Management feature enabled on your Okta org, you can create a custom claim as mentioned here to add the email value inside the access token.