403 when using /oauth2/:authServerId/v1/token endpoint
Austin Montoya

403 when using /oauth2/:authServerId/v1/token endpoint

Hi there,

I'm trying to integrate SSO into an internally-distributed command line interface. I would like to enable the following OAuth / OpenID setup:

- Command line interface authenticates using the /oauth2/:authServerId/v1/token endpoint with the password grant type, requesting the "openid" and "groups" scopes. On success, it receives an access token
- Access token is forwarded in the Authorization header while making a request to the Resource Server
- Resource Server uses access token with attached claims to fetch groups from /oauth2/:authServerId/v1/userinfo, and validates group membership before serving request

The security-related assumptions here are that the client secret is not at risk of being exposed due to tightly controlled app distribution, and that the access token has to be valid in order to retrieve group info for authorization on the Resource Server.

An ID token would be more straightforward, but it does not appear there is an endpoint that currently supports issuing such a token using the password grant type.

In any event, I seem to always get a 403 when making a POST request to the /oauth2/:authServerId/v1/token, with no error code. I've tried with differently configured clients, bodies with no params specified, all params specified; the result is always the same.

Are things configured incorrectly, is this not possible with Okta, or is some other problem at play?
 

Ezazul Bhuiyan (Okta, Inc.)
Hi Austin,

Thank you for contacting Okta support. Please use the AuthorizationCodeFlow.py script from https://github.com/SohaibAjmal/Okta-OpenId-Scripts
to test, and let us know if you get a 403 using it.
Most likely the 403 is because of Postman. Let us know if you are getting this error using the script.

http://developer.okta.com/docs/api/resources/oauth2.html#token-authentication-method

Thank you,

Okta Support
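
The flow described in the question, as an added example that is not part of the original thread and is not Okta's code: it builds the password-grant token request with the client authenticating via HTTP Basic, the resource server's /userinfo request, and a fail-closed group check on the response. The host name, the `groups` claim name and all credentials are constructed placeholders (assumptions).

```python
import base64
import json
import urllib.parse
import urllib.request

# Constructed placeholder issuer (assumption, not a value from the thread).
ISSUER = "https://example.okta.com/oauth2/AUTH_SERVER_ID"


def build_token_request(client_id, client_secret, username, password):
    """CLI side: password-grant POST to /v1/token (RFC 6749 section 4.3)."""
    body = urllib.parse.urlencode({
        "grant_type": "password",
        "username": username,
        "password": password,
        "scope": "openid groups",
    }).encode()
    # Client credentials are sent with HTTP Basic authentication.
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(
        ISSUER + "/v1/token", data=body, method="POST",
        headers={
            "Authorization": "Basic " + basic,
            "Content-Type": "application/x-www-form-urlencoded",
            "Accept": "application/json",
        })


def build_userinfo_request(access_token):
    """Resource server side: present the forwarded token to /v1/userinfo."""
    return urllib.request.Request(
        ISSUER + "/v1/userinfo",
        headers={"Authorization": "Bearer " + access_token,
                 "Accept": "application/json"})


def is_authorized(status, body, required_group):
    """Fail closed: only a 200 whose JSON list claim holds the group passes."""
    if status != 200:
        return False  # invalid, expired or rejected token
    try:
        claims = json.loads(body)
    except ValueError:
        return False
    if not isinstance(claims, dict):
        return False
    groups = claims.get("groups")  # claim name is an assumption
    # Require a list: a bare string would allow substring matches.
    return isinstance(groups, list) and required_group in groups
```

Pass either request to `urllib.request.urlopen` to send it, then feed the status and body of the /userinfo response to `is_authorized` before serving the request.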
WebTeam Developer
Can you provide an example that works in Postman to return a JWT? I cannot get it to work.