How do I properly set up an oauth 2 authorization server?
https://support.okta.com/help/answers?id=9060z00000078joqai&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
Marcus Marquardt

How do I properly set up an oauth 2 authorization server?

I am attempting to set up a service secured by client credentials following https://developer.okta.com/blog/2018/02/01/secure-aspnetcore-webapi-token-auth.

Upon completing the code, I receive the "Unable to retrieve access token from Okta" exception defined in the OktaTokenService.

Debugging, I discovered the response is BadRequest, so I decided to take a look at the default authorization server.

With the default authorization server I first notice there is no access_token scope defined, so I defined one.

Following that, I tried the token preview from the configured client using client credentials and the new scope, but get an Internal Server Error.

What am I missing here?
Fabian Bahna (Okta, Inc.)

Hi Marcus, 

Is this error one that you can reproduce reliably, or a one-time event? If it can be reproduced, then I recommend opening up a case with Customer Support, to troubleshoot further.

I tried to look into the error for a quick fix; however, there are a lot of factors we need to check, like the request format, for example.

I added a documentation link below that should help, in case you missed it. 

https://help.okta.com/en/prod/Content/Topics/Security/API_Access.htm

Marcus Marquardt
Hi Fabian,

This issue is reproducible with a freshly created authorization server and I have opened a support ticket, per your recommendation.

Request format should be irrelevant, as I am getting the Internal Server Error using Okta's own token preview mechanism when I test selecting my app, client_credentials, and my test_scope.

This doesn't seem to be a policy issue, as restricting policy further gives a message stating the policy failed, rather than an Internal Server Error.

I did take a look at the authorization server docs, but found nothing wrong with my default or test setups that I could see.