Hello there. I am trying to build an integration into our CLI program and I am trying to pull the users for a customers okta account. I was given a client id and client secret. I am trying to authenticate to get a bearer token with these credentials, but everything I see in the documentation refers to a SSWS token which is generated in the UI.
The issue with this token is the permissions associated with it. Since I am a third party to this okta instance, they don’t want me to have full access to their account and other apps/integrations. Does anyone have a link to the documentation or know how I can authenticate to get a token so I can retrieve a user list with my given okta.users.read scope?
Documentation for OAuth for Okta Management APIs can be found here.
*Even in the case where using a bearer token for management calls the user that acquires the access token still needs to be part of an admin group that provides enough privilege for whatever management API endpoint is being called.
I have tried everything in that documentation and was unable to get a token.
I even went through this: Get an Access Token and don’t have a callback url. Just a client id and client secret. Is there another way to get a token?
I forgot to mention I also get this error when trying to follow the link above:
Your request resulted in an error. Clients with ‘application_type’ of ‘service’ are not allowed to access the ‘authorize’ endpoint.
Check out this guide instead, its written for Service applications (where there is no user) and only involves the /token endpoint: Implement OAuth for Okta with a service app | Okta Developer