Hello!
The Authorization button doesn't work with the Okta JWT token provider and the `clientCredentials` flow.
Having a `securitySchemes` section like:

```yaml
securitySchemes:
  publicApiKey:
    type: apiKey
    name: Authorization
    in: header
  myOAuth2:
    type: oauth2
    flows:
      clientCredentials:
        tokenUrl: https://my.okta.com/oauth2/default/v1/token
        scopes:
          api_public: access to the endpoint
```
The dev portal web UI always sends the `origin` header. Okta responds with `Access-Control-Allow-Origin` when creds are valid, but the response code is 401 and the body is:

```json
{
  "error": "invalid_client",
  "error_description": "Browser requests to the token endpoint must use Proof Key for Code Exchange."
}
```

Thus, my question: is it possible to change something on the Apigee side to prevent sending the `origin` header, at least for the `clientCredentials` flow?
My point here: any server besides Okta should consider requests with an `origin` header as browser requests, and thus it has the right to respond with an error when it expects a call from a server.
----
This is not similar but close to https://community.apigee.com/questions/61809/dev-portal-invocation-external-oauth.html as Okta is customizable and can respond with the same header as the origin in the CORS header.
Artem, let me see if I can find someone to help out with this question.
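As an added example (not part of the thread, and not Apigee or Okta code): the `clientCredentials` token request from the question, built the way a server-side relay would send it, with the client secret kept off the browser and no `Origin` header forwarded. The names `buildTokenRequest` and `fetchToken`, the forwarded-header allow-list, and the idea of a relay in front of the portal are assumptions for illustration.

```javascript
// Headers from the portal's browser call that the relay may pass on.
// Origin, Referer, Cookie and everything else are dropped (allow-list, not deny-list).
const FORWARDED = ['accept'];

// application/x-www-form-urlencoded encoding of one value (RFC 6749, section 2.3.1).
const formEncode = (s) => new URLSearchParams({ v: s }).toString().slice(2);

// Build the client-credentials request (RFC 6749, section 4.4) without sending it.
function buildTokenRequest({ tokenUrl, clientId, clientSecret, scope }, incomingHeaders = {}) {
  const url = new URL(tokenUrl);
  if (url.protocol !== 'https:') throw new Error('token endpoint must be https');

  // Client authentication goes in HTTP Basic, so the secret never appears in the
  // body, in logs of form fields, or in anything the browser can read.
  const basic = Buffer.from(`${formEncode(clientId)}:${formEncode(clientSecret)}`).toString('base64');
  const headers = {
    authorization: `Basic ${basic}`,
    'content-type': 'application/x-www-form-urlencoded',
  };
  for (const [name, value] of Object.entries(incomingHeaders)) {
    const lower = name.toLowerCase();
    if (FORWARDED.includes(lower)) headers[lower] = value;
  }

  const body = new URLSearchParams({ grant_type: 'client_credentials', scope }).toString();
  return { url: url.href, method: 'POST', headers, body };
}

// Send it from the server (Node 18+ global fetch); the caller decides what to hand back.
async function fetchToken(cfg, incomingHeaders) {
  const { url, ...init } = buildTokenRequest(cfg, incomingHeaders);
  const res = await fetch(url, init);
  if (!res.ok) throw new Error(`token endpoint returned ${res.status}`);
  return res.json();
}
```
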