Unauthorized client error using /token and grant_type of client_credentials

johnb · November 29, 2022, 9:08pm

I’m using Postman to test an Okta API call before I translate it to code.

I’m calling https://XXX.okta.com/oauth2/v1/token and using a valid client_id and client_secret. I’m using a grant_type of client_credentials. (See Screen Shot)

I’m expecting to get back an access_token per the docs, but instead I get the following error:
{
“error”: “unauthorized_client”,
“error_description”: “The client is not authorized to use the provided grant type. Configured grant types: [refresh_token, implicit, interaction_code, authorization_code].”
}

My Okta Administrator tells me that he has turned on all grant types but the call still fails.

My best guess is that something needs to be done on the admin side to enable “client_credentials” to work as a grant type for the /token API call. Can anyone provide specifics about where/how to do that? Thanks.

warren · November 29, 2022, 9:46pm

Just to clarify, are you trying to use the client credentials flow to get an access token to be used with the Okta API (OAuth for Okta) or are you trying to use it with your custom API endpoints (API Access Management)?

johnb · November 29, 2022, 9:54pm

I want to call https://xxx.okta.com/api/v1/users/{user_name} in order to get back an Okta ID in my application.

That call requires an access token and I’m thinking this is the way to get that access token.

warren · November 30, 2022, 12:25am

Ok, looks like you want to use OAuth tokens for Okta API endpoint.

You probably want to ask your Okta admin to create an API Services app for you. It’s possible they created a SPA or Native type app in Okta that don’t have the client credentials option.