I want to test the Okta clientId and clientSecret provided by customer for OIDC configuration in my application. The only API I see helpful is the token API ({issuerURI}/oauth2/default/v1/token) but this API requires the admin to create a custom scope for the authorization server to be passed as value for "scope" parameter along with "grant_type: client_credentials". This impacts the user experience.
The existing default scopes such as "openid, email, profile" etc. do not work with "client_credentials" grant_type.
Is there a way to validate the clientId and clientSecret?
OKTA: Validating clientId and clientSecret for OIDC configuration in Okta
451 views Asked by Sumit Jindal At
1
The only way to validate client_id/secret is to try to authenticate and get a token.
As there is no user involved, you don't use the classic openid or email scopes, because the client_credentials flow is only for machine-to-machine communication and in this flow you don't need any user details.
You can configure the backend to include custom claims if you need to.