Thank you, mcguinness. This is a regular Spring web application, so I guess I have to use the token endpoint as you suggested, but I am getting "missing client credentials" from the token endpoint even though I am providing the client ID and secret.
Our requirement is: if the user exists in Okta, authenticate the user, generate a token, and redirect the user to a different domain with the token.
These are the steps I was trying before.
1. Authenticate the user with the /api/v1/authn call.
2. Generate a token using /oauth2/v1/authorize. Since this returns an HTML response, I can’t use this, as you mentioned.
So if I use /oauth2/v1/token, do I still have to authenticate the user using /api/v1/authn, or can I directly use /oauth2/v1/token with the password grant type?
Here is my API request.
params.add("scope", "openid offline_access");