Okta responds with 403 if the client credentials are included in both the basic auth header and the params when calling Okta's API to exchange an authorization code for the token. The oauth2 library by default includes the client_id in the params.
Moreover, the response from Okta with the token is JSON-encoded, and oauth2 does not a priori support JSON encoding.
Pull request #2 fixes both of these these issues by reimplementing AuthCode.get_token and configuring jason as a coder for the application/json mimetype.
GitHub led me to a 404 when I submitted the issue previously. It looked like an error happened and the issue didn't get created and so I double-posted.
Okta responds with 403 if the client credentials are included in both the basic auth header and the params when calling Okta's API to exchange an authorization code for the token. The
oauth2
library by default includes theclient_id
in the params.Moreover, the response from Okta with the token is JSON-encoded, and
oauth2
does not a priori support JSON encoding.Pull request #2 fixes both of these these issues by reimplementing
AuthCode.get_token
and configuringjason
as a coder for theapplication/json
mimetype.