Paramesh

Reputation: 617

Okta API - authn always returns Invalid Session

I'm trying to authenticate a user using the "authn" API:

POST MYACCOUNT.oktapreview.com/api/v1/authn
{
  "username": "[email protected]",
  "password" : "Password123"
}

But this always returns

{
    "errorCode": "E0000005",
    "errorSummary": "Invalid session",
    "errorLink": "E0000005",
    "errorId": "oael83e1QQxSNuHOlE0VkqBuA",
    "errorCauses": []
}

Any idea why this happens?

When I create the session, I just get a 403 - Forbidden error.

The sessions API works, but I want to use the authn API for a customized login experience.

Thanks for your help.

Upvotes: 8

Views: 12277

Answers (5)

Muni Chittem

Reputation: 1126

After spending time I found the fix. The issue is because of the following reasons:

  1. The request URL should be https instead of http
  2. The Authorization header should be SSWS +" "+ api token
  3. The request headers should have either Accept or Content-Type equal to "application/json"

Upvotes: 0

McLovin

Reputation: 1591

My issue was that I wasn't using the Okta preview url since I was in a preview environment.

https://${org}.okta.com/api/v1/users

Should be changed to

https://${org}.oktapreview.com/api/v1/users

Upvotes: 0

Paul42

Reputation: 304

Expanding on @paramesh's answer (as it is 100% correct), if you're using Postman, what I did was add 'Authorization: SSWS API_TOKEN' as a preset header, and then added it when it was missing.

To do this in the Postman extension for Chrome:

  1. Click the 'headers' button far to the right
  2. Click 'manage presets'
  3. Click 'add'
  4. Fill in the information (if you've imported the Okta environment like in their API test client instructions) then it'd look like this: SSWS {{apikey}}
  5. Check headers on other methods; if the authorization header is not there, add it by clicking the 'add preset' button

I apologize, I don't have enough reputation to leave a comment on the correct answer.

Upvotes: 0

MonkeyDreamzzz

Reputation: 4348

I had got the same 403 - Forbidden error. It worked fine in Fiddler but not in my script (PowerShell).

The URL I used was http but the resource was actually on https. Fiddler moved me with my header information to the https site. In PowerShell I lost the header and got the forbidden error.

So changing the URL to https fixed it for me.

Upvotes: 0

Paramesh

Reputation: 617

The issue was because of the Authorization header in the Okta request.

The Authorization header should be 'Authorization: SSWS API_TOKEN'. Instead, I was just sending 'Authorization: API_TOKEN'.

Upvotes: 17
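
The causes named in the answers on this page (http instead of https, a missing SSWS prefix, no JSON Accept/Content-Type header), written as a pre-send check in Python. This is an added example, not code from any of the posters or from Okta; the function names, the `NoRedirect` handler and the sample values are assumptions made for illustration.

```python
import json
import urllib.request
from urllib.parse import urlsplit


def preflight(url, headers):
    """Return a list of the problems named in the answers above (empty if none)."""
    problems = []
    lowered = {k.lower(): v for k, v in headers.items()}
    if urlsplit(url).scheme != "https":
        problems.append("use https: an http URL gets redirected and the header can be lost")
    scheme, _, token = lowered.get("authorization", "").partition(" ")
    if scheme != "SSWS" or not token.strip():
        problems.append("Authorization must be 'SSWS <api token>'")
    json_types = [lowered.get(h, "").lower() for h in ("accept", "content-type")]
    if not any(t.startswith("application/json") for t in json_types):
        problems.append("send Accept or Content-Type: application/json")
    return problems


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Refuse redirects, so a wrong URL fails instead of being replayed elsewhere."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # urllib then raises HTTPError for the 3xx response


def build_authn_request(host, api_token, username, password):
    """Build (not send) the POST /api/v1/authn request from the question."""
    url = f"https://{host}/api/v1/authn"
    headers = {
        "Authorization": f"SSWS {api_token}",
        "Accept": "application/json",
        "Content-Type": "application/json",
    }
    problems = preflight(url, headers)
    if problems:
        raise ValueError("; ".join(problems))
    body = json.dumps({"username": username, "password": password}).encode()
    return urllib.request.Request(url, data=body, headers=headers, method="POST")


# To send: urllib.request.build_opener(NoRedirect).open(request)
```

Read the API token from the environment or a secrets store rather than placing it in the script.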
