oauth-2.0 okta okta-api

Okta custom integration invalid credentials on /token endpoint


I'm trying to create an integration with Okta for our customers. I've created a custom integration in Okta with type of OIDC as a Web Application. I've configured the callback URL and in general settings I've checked the Authorization Code and the Refresh token.

The authorization_url (which is created in our system and is exposed through our portal) seems like this:

https://{{my_instance}}/oauth2/v1/authorize?response_type=code&client_id={{public_key}}&redirect_uri={{my_configured_redirect_uri}}&scope=okta.groups.manage+okta.groups.read+okta.users.manage+okta.users.read+okta.users.read.self&state={{state}}

which seems ok to me.

The redirect URI posts back the authorization code, which I'm trying to exchange for an access_token. The /token endpoint returns an

invalid_client: Client authentication failed. Either the client or the client credentials are invalid.

I expect the oauth2 flow and the /token endpoint to work without problems.

Any help is appreciated.


Solution

  • In the end, their /token endpoint requires BasicAuth, which means in my request I had to pass the client_id & client_secret as username and password. We had this integration in my company for like 2 years now, but I guess Okta changed something from their side? No idea. Thanks again!!
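
The fix described in the answer above, as an added example that is not part of the original post: it builds the authorization-code exchange with the client credentials in an HTTP Basic `Authorization` header instead of the form body. The host, client ID, secret, code and redirect URI are constructed sample values, and the function names are hypothetical; the request is only built, not sent.

```python
import base64
from urllib.parse import quote_plus, urlencode
from urllib.request import Request


def basic_auth_header(client_id: str, client_secret: str) -> str:
    """Build the client_secret_basic header per RFC 6749 section 2.3.1."""
    # Each part is form-urlencoded first, so ':' '/' '+' in a secret survive.
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    return "Basic " + base64.b64encode(pair.encode("utf-8")).decode("ascii")


def build_token_request(token_url, client_id, client_secret, code, redirect_uri):
    """Return a POST request that exchanges an authorization code for tokens."""
    # The body carries only the grant parameters. RFC 6749 forbids using more
    # than one client authentication method in a request, so client_id and
    # client_secret are deliberately NOT repeated here.
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,  # must match the value sent to /authorize
    }).encode("ascii")
    return Request(
        token_url,
        data=body,
        method="POST",
        headers={
            "Authorization": basic_auth_header(client_id, client_secret),
            "Content-Type": "application/x-www-form-urlencoded",
            "Accept": "application/json",
        },
    )


def sample_request() -> Request:
    # Constructed sample values, not real credentials or a real tenant.
    return build_token_request(
        token_url="https://my-instance.example.com/oauth2/v1/token",
        client_id="0oaEXAMPLEclientid",
        client_secret="s3cr3t/with+chars",
        code="SAMPLE_AUTH_CODE",
        redirect_uri="https://portal.example.com/callback",
    )


if __name__ == "__main__":
    req = sample_request()
    print(req.get_method(), req.full_url)
    print(req.data.decode("ascii"))  # to send: urllib.request.urlopen(req)
```

Keep the secret out of logs when debugging an `invalid_client` response: log which authentication method was used and the client ID, not the header value.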