invalid_dpop_proof :: The DPoP proof JWT header is missing.

Loading

Skip to Navigation Skip to Main Content

Search

Search

Select Language

0D54z0000A3qLf7CQEOkta Classic EngineAPI Access ManagementAnswered2024-03-21T16:06:59.000Z2024-03-21T03:44:09.000Z2024-03-21T16:06:59.000Z

User17068504049963223642 (Customer) asked a question.

March 21, 2024 at 3:44 AM

invalid_dpop_proof :: The DPoP proof JWT header is missing.

Hello Team,

I am trying to get the token from OKTA authorization server using postman.

Details are

URL-https://dev-99776972.okta.com/oauth2/default/v1/token

Headers-

Accept-application/json

Authorization-Basic {yourBase64EncodedCredentials}

Content-Type-application/x-www-form-urlencoded

Body

grant_type-client_credentials

scope-api

When I am post this in postman I am getting the below error

{

"error": "invalid_dpop_proof",

"error_description": "The DPoP proof JWT header is missing."

}

What settings or parameter i am missing here, can you please help me

API Access Management

User16594883467582706479 (Customer Support Online Experience)
2 years ago
Hi, @User17068504049963223642 (Customer)

Thank you for posting on our Community page!

Newly created Service Apps in Okta require DPoP ever since the February Monthly release:
https://help.okta.com/en-us/content/topics/releasenotes/production.htm#panel2

There's more info on this being enabled by default here:
https://support.okta.com/help/s/article/enforce-token-binding-for-machine-to-machine-application-service-integrations?language=en_US

and the guide on how to implement this here:
https://developer.okta.com/docs/guides/dpop/oktaresourceserver/main

Thank you for reaching out to our Community and have a great day!

--
Ask the Experts: Okta Device Access Product Team Now Thru 3/22
Expand Post

This question is closed.

Recommended content

Forum

The filename is invalid or missing - uploading cetificate

Forum

Loading

invalid_dpop_proof :: The DPoP proof JWT header is missing.