V1/token is returning 401 unauthorized

jelbatnigi · March 26, 2020, 6:26pm

I am trying to implement the Authorization code PKCE flow in my angular application

Here is how my /Authorize call looks like

https://{domain}/oauth2/auspx13uvj6xxxxxxxxx/v1/authorize?response_type=code&client_id=0oap5zbsyzbxxxx&state=F1ZiLJvZJ4RSReb6Ks-NuSCfsjqhr1KYx9YjFQXOIJR8D&redirect_uri=http%3A%2F%2Flocalhost%3A4200%2Flogin&scope=openid%20groups%20profile%20email&code_challenge=n_BCC0MF4Bs7Yd2GaAtycxxxxxxS_MF3-8wBc&code_challenge_method=S256&nonce=F1ZiLJvZJ4RSReb6Ks-NuSCfsjqhr1KYx9Yxxxx

In the redirect I get the Authorization_code back

http://localhost:4200/login?code=6og7fphNBXShxxxxxxx&state=F1ZiLJvZJ4RSReb6Ks-NuSCfsjqhr1KYx9YjFQXOIJR8D

When the /token call goes out to get the access token I keep getting 401 unauthorized error not sure why.

https://{domain}/oauth2/auspx13uvj6eHxxxxx/v1/token
the error is:
{“error”:“invalid_client”,“error_description”:“No client credentials found.”}

and the parameters are going with the post request

grant_type: authorization_code
code: 6og7fphNBXShxxxxxx
redirect_uri: http://localhost:4200/login
code_verifier: _V-RkYs5k73YWAYGcRL5eV2iyxxxxxxxxoGK
client_id: 0oap5zbsyzbH1xxxxxxxx
https://{domain}/oauth2/auspx13uvj6exxxxxxxxx/v1/token

I have SPA application setup. Not sure if this is the correct application setup in okta for this workflow to work? Can you please point me to the right direction?
here is a screen shot of my OKTA app

dragos · March 27, 2020, 12:41am

Hi @jelbatnigi

The request looks correct, however the 401 means that Okta could not read the values provided. Can you please let me know what is the format in which you are sending the payload to the /token endpoint (application/x-www-form-urlencoded, application/json, etc.)?

jelbatnigi · March 27, 2020, 2:37am

Hi dragos,
I just found out the problem. I am using an interceptor in my app so I can intercept any http call and attach the Bearer token in my header for autherization with my APIs.
so the /token call was getting intercepted and adding “Authorization: Bearer null” to the header causing it to fail.
now I need to make sure I intercept the right calls.

Thanks!

ButterNgo · June 8, 2020, 3:14am

hi @jelbatnigi so i have the same please problem, please help me share how can you solve it?
thanks

anshuman1 · December 31, 2020, 4:45pm

did you get the solution?

erik · December 31, 2020, 6:07pm

Hello,
There is an Angular sample app that demonstrates using an interceptor. In this case the interceptor only adds the headers for specific routes.

system · January 19, 2024, 12:37am

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.