
MattM.47662 (Customer) asked a question.
Using Python to implement a backend service call to verify a user by login. The token call comes back with a token but the users call always returns Invalid Token. Custom authentication 'default' server, etc, is all set up correctly. Note if I generate a token in the API Tokens tab and copy it into my program the users call works fine. What am I doing wrong? Here is the code:
import os
import urllib.parse

import requests

# Okta domain and app credentials come from the environment
client_domain = os.getenv('SECRET_DOMAIN', None)
client_id = os.getenv('SECRET_APP_ID', None)
client_secret = os.getenv('SECRET_APP_SECRET', None)

# Client-credentials request to the 'default' authorization server
url = f"https://{client_domain}/oauth2/default/v1/token"
data = {'grant_type': 'client_credentials',
        'client_id': client_id,
        'client_secret': client_secret}
response = requests.post(url, data=data)
accesstoken = response.json()["access_token"]

# Look up the user by login; the access token is sent with the SSWS scheme
login = urllib.parse.quote(incoming.login)
user_url = f"https://{client_domain}/api/v1/users/{login}"
bearer = f"SSWS {accesstoken}"
headers = {"Authorization": bearer,
           "Accept": "application/json", "Content-Type": "application/json"}
response = requests.get(user_url, headers=headers)
b'{"errorCode":"E0000011","errorSummary":"Invalid token provided","errorLink":"E0000011","errorId":"oaegW6pmocCSL62-_4yHG3E-Q","errorCauses":[]}'

Hi @MattM.47662 (Customer),
Thank you for posting on the Okta community page!
In order to make an API call on an Okta endpoint, you need to supply a valid API token in the HTTP Authorization header, as you have done when going on the API tokens tab.
Without this API token, the error will persist as Okta will not allow for the API call to be completed.
Additionally, keep in mind that the API tokens inherit the permissions from the admin account that created them. I have provided below a couple of KB articles about API tokens that might be helpful for your use case:
My advice would also be to leverage the Okta Developer forums for these types of questions and take advantage of their expertise.
I hope the above information is helpful!
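
An added example, not part of the thread and not Okta's own code: a pre-flight check that tells an opaque API token (sent with the SSWS scheme) apart from a JWT access token, and refuses a token whose issuer is a custom authorization server such as /oauth2/default before it is sent to /api/v1. It assumes that Okta access tokens are JWTs carrying an `iss` claim and that the org authorization server's issuer is the bare org URL; the function names, domain and sample tokens are constructed for illustration.

```python
import base64
import json

def _segment(seg):
    """Decode one base64url JWT segment to JSON (no signature check)."""
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def classify_credential(token):
    """Return ('jwt', iss) for a JWT-shaped token, else ('opaque', None)."""
    parts = token.split(".")
    if len(parts) == 3:
        try:
            header, claims = _segment(parts[0]), _segment(parts[1])
            if isinstance(header, dict) and isinstance(claims, dict):
                return "jwt", claims.get("iss")
        except ValueError:  # bad base64, bad UTF-8 or bad JSON
            pass
    return "opaque", None

def authorization_header(token, okta_domain):
    """Choose the scheme for an /api/v1 call; refuse tokens that cannot work."""
    kind, issuer = classify_credential(token)
    if kind == "opaque":
        # Assumption: an opaque string is an API token from the API Tokens tab.
        return {"Authorization": f"SSWS {token}"}
    if issuer == f"https://{okta_domain}":
        # Assumption: issued by the org authorization server (/oauth2/v1/token).
        return {"Authorization": f"Bearer {token}"}
    raise ValueError(f"token issued by {issuer} is not for https://{okta_domain}/api/v1")

def make_sample_jwt(issuer):
    """Constructed, unsigned sample token for the demo below (not a real token)."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc({'iss': issuer, 'scp': ['demo']})}.c2ln"

DOMAIN = "example.okta.com"  # constructed domain
CUSTOM_AS_TOKEN = make_sample_jwt(f"https://{DOMAIN}/oauth2/default")
ORG_AS_TOKEN = make_sample_jwt(f"https://{DOMAIN}")
API_TOKEN = "00constructedApiTokenValue"  # constructed placeholder

if __name__ == "__main__":
    for name, tok in [("api", API_TOKEN), ("org", ORG_AS_TOKEN), ("custom", CUSTOM_AS_TOKEN)]:
        try:
            print(name, authorization_header(tok, DOMAIN)["Authorization"].split()[0])
        except ValueError as err:
            print(name, "rejected:", err)
```

The check only reads the unverified `iss` claim to pick a header for an outbound call; it does not validate the token's signature and is not a substitute for doing so on the receiving side.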