Using postman or angular to access my okta protected spring boot service

I have my spring boot app protected with okta with a client id and client secret.
when I am trying to access the api thru the browser I get redirected to okta login page and after logging in my requests work.
However, this won’t work with postman obviously and I am struggling with how I can perform authentication calling my spring boot service from postman or angular. i probably need the access token and refresh token but do not know exactly how.
i would be very thankful for a simple guide step by step on how to call my api from postman and/or from angular - the existing documentation is confusing for me.

Hi @advii

To access the application through Postman, you will need to do the following:

  1. Authenticate the user through API and pass the MFA challenge if required in order to get a sessionToken.
  2. Pass the sessionToken as a query parameter to the /authorize endpoint as shown here; this request will authenticate and authorize the user, sending the details to the Spring Boot application.

Still not clear.

what am I doing wrong here?
I use this call in postman:


and I get a html response (why? why not json?) saying that I have to enter the redirect_uri as it is in the application details. so in my application details it is: http://localhost:8080/login/oauth2/code/okta. whether I put it like this or use my domain instead of localhost, I still get the redirect_uri error!

Hi @advii

The redirect_uri that you are passing on the /authorize endpoint needs to be added in Okta under Admin >> Applications >> your OIDC application >> General tab >> Login Redirect URIs section. Can you please add it and try once again?

f… me why is this process so complicated. I so hate it already.
and again, why, even though I specify prompt = none, I get html content?!

those are my settings:

Login redirect URIs
Logout redirect URIs
Login initiated by App Only
Initiate login URI http://localhost:8080/login/oauth2/code/okta

btw, the call works in oidbc debugger webpage , but only with the redirect uri, not with the first one.