Okta Classic Engine | Multi-Factor Authentication | Answered | 2026-01-25T09:00:28.000Z | 2024-12-23T16:00:32.000Z | 2024-12-31T17:09:57.000Z
Error 400 When Making Postman API Calls to Okta REST APIs Integrated with Microsoft ADFS for Multi-Factor Authentication (MFA)

I am creating Okta REST APIs with Postman, following the documentation at https://developer.okta.com/docs/reference/rest/*get-an-access-token-and-make-a-request.

However, when I attempt to call Get New Access Token, I receive a 400 Bad Request response.

My URL is:

"oauth2/default/v1/authorize?response_type=code&client_id=xxx&state=2&scope=okta.users.read&redirect_uri=xxx&code_challenge=xxx&code_challenge_method=S256"

There are no apparent errors in the System Log.

Please suggest a possible root cause.

Thanks


  • MatthewH.10249 (State of Iowa)

    If you have a custom domain/URL for your Okta instance, you might need to change your authorization server endpoint URL. It looks like, in the first screenshot you provided, the "Auth URL" and "Access Token URL" are both using the ".../default..." authorization server. Replace the "default" with the ID of your custom authorization server, found by going to "Security -> API -> Authorization Servers". The "Issuer URI" for each authorization server shows its ID at the end. You can also click the name of the custom authorization server you want to use, and on the Settings page you can click the "Metadata URI" to see all the different endpoint URLs, noting that they show the unique ID as well.

     

    Since you are getting a 400 error from Okta it should have logged something to the logs. I suggest you do another test while watching the logs and view the details of anything that happens during your test even if it does not look like an error and see if it gives you any hints. Also take a look at the complete URL in your browser's address bar when you see the 400 error (second screenshot) as it might contain some error information.

     

    The following is another post where someone had a similar 400 error and they were told to double-check the client ID, so that is something you should review as well: https://devforum.okta.com/t/400-bad-request-for-authorize-endpoint/24543

     

    Lastly, make sure your app is set up with "Sign-in redirect URIs" in Okta set to the "Callback URL" that your screenshot shows: "...oauth-pstmn.io...".

This question is closed.
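
The checks suggested in the answer above can be run against an authorize URL before it is sent. The following is an added example, not code from the thread or from Okta: the function name, the sample domain, client ID, server ID and redirect URIs are all constructed, and check 5 relies on Okta's documented behavior that `okta.*` API scopes are issued by the org authorization server (`/oauth2/v1/...`) rather than by custom authorization servers such as `default`.

```python
from urllib.parse import parse_qs, urlsplit

# Parameters carried by the authorization-code + PKCE request shown in the question.
REQUIRED = ("response_type", "client_id", "redirect_uri", "scope",
            "state", "code_challenge", "code_challenge_method")

def check_authorize_request(url, metadata, client_id, redirect_uris):
    """Return (code, detail) findings that commonly explain a 400 from /authorize."""
    parts = urlsplit(url)
    # parse_qs percent-decodes values and drops parameters with empty values.
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    findings = []
    # 1. The endpoint must be the one published at the server's Metadata URI.
    endpoint = f"{parts.scheme}://{parts.netloc}{parts.path}"
    if endpoint != metadata["authorization_endpoint"]:
        findings.append(("endpoint", f"expected {metadata['authorization_endpoint']}"))
    # 2. Every expected parameter must be present and non-empty.
    findings += [("missing", name) for name in REQUIRED if name not in params]
    # 3. client_id must be the Client ID of the app integration.
    if params.get("client_id") != client_id:
        findings.append(("client_id", "does not match the app's Client ID"))
    # 4. redirect_uri must exactly match a registered Sign-in redirect URI.
    if params.get("redirect_uri") not in redirect_uris:
        findings.append(("redirect_uri", f"{params.get('redirect_uri')!r} not registered"))
    # 5. okta.* API scopes belong to the org authorization server (/oauth2/v1/...).
    okta_scopes = [s for s in params.get("scope", "").split() if s.startswith("okta.")]
    if okta_scopes and not parts.path.startswith("/oauth2/v1/"):
        findings.append(("scope", f"{okta_scopes} requested from a custom server"))
    return findings

# Constructed sample values (not taken from the thread).
SAMPLE_URL = ("https://example.okta.com/oauth2/default/v1/authorize"
              "?response_type=code&client_id=0oaEXAMPLE&state=2"
              "&scope=okta.users.read"
              "&redirect_uri=https%3A%2F%2Fapp.example%2Fcallback%2F"
              "&code_challenge=abc123&code_challenge_method=S256")
SAMPLE_METADATA = {  # as it would be read from a custom server's Metadata URI
    "authorization_endpoint": "https://example.okta.com/oauth2/ausEXAMPLE/v1/authorize"}
SAMPLE_CLIENT_ID = "0oaEXAMPLE"
SAMPLE_REDIRECTS = ["https://app.example/callback"]  # no trailing slash

if __name__ == "__main__":
    for code, detail in check_authorize_request(
            SAMPLE_URL, SAMPLE_METADATA, SAMPLE_CLIENT_ID, SAMPLE_REDIRECTS):
        print(f"{code}: {detail}")
```
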