Marcus Marquardt

How do I properly set up an oauth 2 authorization server?

I am attempting to set up a service secured by client credentials following

Upon completing the code, I receive the "Unable to retrieve access token from Okta" exception defined in the OktaTokenService.

Debugging, I discovered the response is BadRequest, so I decided to take a look at the default authorization server.

With the default authorization server I first notice there is no access_token scope defined, so I defined one.

Following that, I tried the token preview from the configured client using client credentials and the new scope, but get an Internal Server Error.

What am I missing here?
Fabian Bahna (Okta, Inc.)

Hi Marcus, 

Is this error one that you can reproduce reliably, or a one-time event? If it can be reproduced, then I recommend opening up a case with Customer Support, to troubleshoot further.

I tried to look into the error for a quick fix; however, there are a lot of factors we need to check, like the request format, for example.

I added a documentation link below that should help, in case you missed it.

Marcus Marquardt
Hi Fabian,

This issue is reproducible with a freshly created authorization server and I have opened a support ticket, per your recommendation.

Request format should be irrelevant, as I am getting the Internal Server Error using Okta's own token preview mechanism when I test selecting my app, client_credentials, and my test_scope.

This doesn't seem to be a policy issue, as restricting policy further gives a message stating the policy failed, rather than an Internal Server Error.

I did take a look at the authorization server docs, but found nothing wrong with my default or test setups that I could see.