Tags: javascript, oauth-2.0, okta, pkce

Integration testing Okta app with PKCE flow


We have an application using Okta as our IDP. We have enabled the PKCE flow in the application since that is the recommended flow for our SPA.

We would like to be able to create an integration test to automatically invoke some of our APIs and have the appropriate groups in the claims in the token we get. However, we can't enable both the PKCE and client_credentials grant types. We get an error about invalid grant types when we add them both via API.

The error we get is:

        {
            "errorSummary": "token_endpoint_auth_method: 'token_endpoint_auth_method' is invalid. Valid values: [client_secret_basic, client_secret_post, client_secret_jwt, private_key_jwt]."
        },
        {
            "errorSummary": "grant_types: 'grant_types' is invalid. Valid values: [implicit]."
        }

What is the right way to get a token for testing an application via headless script that is using the PKCE flow?


Solution

  • The tutorial here ended up doing exactly what we needed without reconfiguring the app.

    Essentially the right approach is to use the PKCE flow to get a code using user credentials, then exchange that code for a token.

    https://support.okta.com/help/s/article/How-to-get-tokens-for-an-OIDC-application-without-a-browser-using-curlPostman?language=en_US