Hello All,
I am creating an OIDC client using the Dynamic Client Registration API (Okta Java SDK). I was able to create the client using DefaultOIDCApplicationBuilder and set the JWKS keys on the client.
Now, I am trying to update the JWKS on the client.
Steps:
- I retrieve the Client/Application using Client.getApplication(clientId)
- Cast the Application retrieved in Step 1 to DefaultOpenIdConnectApplication
- Set JWKS keys on the Application
- Call DefaultOpenIdConnectApplication.update() after setting the JWKS keys
I get the below error:
com.okta.sdk.resource.ResourceException: HTTP 403, Okta E0000006 (You do not have permission to perform the requested action), ErrorId oaeFQx4CeCoQ8edfQWQStMhAQ
But I think I have the right scopes set on the Application I used to connect to Okta.
The Okta API scopes on the application are:
okta.clients.read
okta.clients.register
okta.clients.manage
okta.apps.manage
Any idea what I might be doing wrong? Or do I need any other API scope set/configuration for updating the JWKS keys of an existing client?