
BrunoM.38675 (Customer) asked a question.
Hi, I've been trying to experiment with the token exchange flow in Okta, but I'm always getting the following error:
{"error":"access_denied","error_description":"The resource owner or authorization server denied the request."}
I'm sending:
POST <my auth server(not the default)>/v1/token
Authorization: Basic <base64(client_id:client_secret)>
Body: subject_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Aaccess_token&audience=<the-auth-server-audience>&grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Atoken-exchange&scope=<a-valid-scope>&subject_token=<access token from the same auth server>
Could it be that the limitation is because of being the same auth server minting the subject_token and doing the token exchange?
Thanks!

Hello @BrunoM.38675 (Customer), thank you for reaching out to our Community!
Do you have the "API Access Management" SKU on the org that you are using? If you do not, that would be the problem causing this error, as mentioned in the article below:
https://community.auth0.com/t/error-with-okta-as-oauth2-identity-provider-oidc-connection/96405
If you would like this feature, please reach out to your Account Executive at Okta to purchase it.
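For readers who want to reproduce the request shape from the question (and check their own encoding before chasing licensing), the following is an added example, not code from the original post or from Okta. It builds an RFC 8693 token-exchange request with client_secret_basic authentication, percent-encodes the URN parameters the way the question shows them, sends it, and maps the token endpoint's JSON error back to a short diagnosis (the access_denied branch reflects the licensing point made in the answer above). The token URL, client credentials, subject token, audience and scope are placeholders that must be replaced with values from your own org.

```python
"""RFC 8693 token-exchange request against an Okta custom authorization server.

Added example. All endpoint, client and token values below are placeholders,
not values taken from the original post.
"""
import base64
import json
import urllib.error
import urllib.parse
import urllib.request

# Stable identifiers from RFC 8693; these are the values that appear
# percent-encoded in the request body.
GRANT_TYPE_TOKEN_EXCHANGE = "urn:ietf:params:oauth:grant-type:token-exchange"
TOKEN_TYPE_ACCESS_TOKEN = "urn:ietf:params:oauth:token-type:access_token"


def build_token_exchange_request(token_url, client_id, client_secret,
                                 subject_token, audience, scope):
    """Return (url, headers, body) for a token-exchange POST.

    Uses client_secret_basic: per RFC 6749 section 2.3.1 the client id and
    secret are each form-urlencoded before being joined with ':' and
    base64-encoded. urlencode() percent-encodes the URNs in the body.
    """
    creds = "%s:%s" % (urllib.parse.quote(client_id, safe=""),
                       urllib.parse.quote(client_secret, safe=""))
    headers = {
        "Authorization": "Basic " + base64.b64encode(creds.encode()).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
    }
    params = {
        "grant_type": GRANT_TYPE_TOKEN_EXCHANGE,
        "subject_token": subject_token,
        "subject_token_type": TOKEN_TYPE_ACCESS_TOKEN,
        "audience": audience,
        "scope": scope,
    }
    return token_url, headers, urllib.parse.urlencode(params)


def parse_form_body(body):
    """Decode an application/x-www-form-urlencoded body into a flat dict."""
    return {k: v[0] for k, v in urllib.parse.parse_qs(body).items()}


def send_token_exchange(url, headers, body, timeout=10):
    """POST the request and return (status, parsed JSON).

    The token endpoint reports failures (400/401/403) with a JSON body that
    carries 'error' and 'error_description', so those are returned, not raised.
    """
    req = urllib.request.Request(url, data=body.encode(), headers=headers,
                                 method="POST")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, json.loads(resp.read().decode())
    except urllib.error.HTTPError as e:
        return e.code, json.loads(e.read().decode() or "{}")


def explain_token_response(status, payload):
    """Map a token endpoint response to a short diagnosis string."""
    if status == 200 and "access_token" in payload:
        return "ok: issued_token_type=%s" % payload.get("issued_token_type", "?")
    err = payload.get("error", "unknown")
    if err == "access_denied":
        # The thread above attributes this error to the org lacking the
        # API Access Management feature needed for custom auth server grants.
        return ("access_denied: the authorization server refused the exchange; "
                "confirm the org is licensed and the client is allowed this grant")
    if err == "unsupported_grant_type":
        return "unsupported_grant_type: token exchange is not enabled for this client"
    if err == "invalid_client":
        return "invalid_client: check the Basic credentials"
    return "%s: %s" % (err, payload.get("error_description", ""))


if __name__ == "__main__":
    # Placeholders (assumed, not real): replace before running against an org.
    url, headers, body = build_token_exchange_request(
        "https://example.okta.com/oauth2/ausEXAMPLE/v1/token",
        "client-id", "client-secret", "eyJ.subject.token",
        "api://example", "read")
    print(explain_token_response(*send_token_exchange(url, headers, body)))
```

The guard at the bottom performs a network call; the builder and the diagnosis function work offline, which is the place to verify that the body matches the encoding shown in the question before blaming the server.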