okta / okta-sdk-dotnet

A .NET SDK for interacting with the Okta management API, enabling server-side code to manage Okta users, groups, applications, and more.

`Custom scopes are not allowed for this request` when using `PrivateKey` #753

Open gao-artur opened 1 week ago

gao-artur commented 1 week ago

Describe the bug?

It worked in 7.0.6 but doesn't work in all versions between 8.0.0 and 9.0.0.

When trying to use any API with PrivateKey, the following exception is thrown:

```
Okta.Sdk.Client.ApiException: Error calling GetBearerToken: {"error":"invalid_scope","error_description":"Custom scopes are not allowed for this request."}
   at Okta.Sdk.Api.OAuthApi.GetBearerTokenWithHttpInfoAsync(CancellationToken cancellationToken)
   at Okta.Sdk.Api.OAuthApi.GetBearerTokenAsync(CancellationToken cancellationToken)
   at Okta.Sdk.Client.DefaultOAuthTokenProvider.RequestAccessTokenAsync(CancellationToken cancellationToken)
   at Okta.Sdk.Client.DefaultOAuthTokenProvider.GetAccessTokenResponseAsync(Boolean forceRenew, CancellationToken cancellationToken)
   at Okta.Sdk.Client.DefaultOAuthTokenProvider.AddOrUpdateAuthorizationHeader(RequestOptions requestOptions, String requestUri, String httpMethod, CancellationToken cancellationToken)
   at Okta.Sdk.Api.ApplicationApi.GetApplicationWithHttpInfoAsync(String appId, String expand, CancellationToken cancellationToken)
   at Okta.Sdk.Api.ApplicationApi.GetApplicationAsync(String appId, String expand, CancellationToken cancellationToken)
   at TestProject2.UnitTest1.TestMethod1() in C:\Users\Artur\source\repos\TestProject2\UnitTest1.cs:line 21
```

What is expected to happen?

The API call should succeed.

What is the actual behavior?

```
ApiException: Error calling GetBearerToken: {"error":"invalid_scope","error_description":"Custom scopes are not allowed for this request."}
```

Reproduction Steps?

Add config to appsettings.json:

```json
{
  "Okta": {
    "Client": {
      "OktaDomain": "xxx",
      "ClientId": "xxx",
      "AuthorizationMode": "PrivateKey",
      "PrivateKey": {
        "p": "xxx",
        "kty": "RSA",
        "q": "xxx",
        "d": "xxx",
        "e": "xxx",
        "use": "sig",
        "qi": "xxx",
        "dp": "xxx",
        "alg": "RS256",
        "dq": "xxx",
        "n": "xxx"
      },
      "Scopes": [
        "okta.apps.manage"
      ]
    }
  }
}
```

Try getting the application:

```csharp
var api = new ApplicationApi();
var app = await api.GetApplicationAsync("app id");
```
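An added diagnostic, not code from okta-sdk-dotnet or from the issue's author: the stack trace shows the failure inside `DefaultOAuthTokenProvider.RequestAccessTokenAsync` / `OAuthApi.GetBearerTokenAsync`, i.e. in the OAuth 2.0 client-credentials token request that `PrivateKey` mode makes with a `private_key_jwt` client assertion (RFC 7523). The probe below sends the equivalent request with only the .NET 8 BCL, so the `invalid_scope` response can be reproduced, or ruled out, with the SDK out of the loop. `OktaDomain`, `ClientId` and `JwkJson` are placeholders to be replaced with the values from appsettings.json; the class and method names are mine; the org authorization server token endpoint is assumed to be `{OktaDomain}/oauth2/v1/token`.

```csharp
// Added diagnostic for this issue; not code from okta-sdk-dotnet or from the reporter.
// Sends a client-credentials token request with a private_key_jwt client assertion
// (RFC 7523), which is what the SDK's PrivateKey authorization mode relies on, using
// only the .NET 8 BCL so the org's answer can be compared with the SDK's error.
// Assumptions: OktaDomain, ClientId and JwkJson are placeholders; the token endpoint
// of the org authorization server is {OktaDomain}/oauth2/v1/token.
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;

public static class OktaTokenProbe
{
    // Placeholder configuration (constructed for this example); copy the real values
    // from the Okta:Client section of appsettings.json.
    private const string OktaDomain = "https://dev-000000.okta.com";
    private const string ClientId = "0oaPLACEHOLDERclientid";
    private const string Scope = "okta.apps.manage";
    private const string JwkJson = """
        {"kty":"RSA","alg":"RS256","use":"sig",
         "n":"...","e":"AQAB","d":"...","p":"...","q":"...","dp":"...","dq":"...","qi":"..."}
        """;

    private static byte[] B64UrlDecode(string s)
    {
        string b64 = s.Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        return Convert.FromBase64String(b64);
    }

    private static string B64UrlEncode(byte[] bytes) =>
        Convert.ToBase64String(bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // JWK integers are minimal-length; RSAParameters on Windows (CNG) expects D to match
    // the modulus length and the CRT values to match half of it, so left-pad with zeros.
    private static byte[] LeftPad(byte[] value, int length)
    {
        if (value.Length >= length) return value;
        var padded = new byte[length];
        Buffer.BlockCopy(value, 0, padded, length - value.Length, value.Length);
        return padded;
    }

    private static RSA RsaFromJwk(string jwkJson)
    {
        using JsonDocument doc = JsonDocument.Parse(jwkJson);
        JsonElement jwk = doc.RootElement;
        byte[] Field(string name) => B64UrlDecode(jwk.GetProperty(name).GetString()!);

        byte[] modulus = Field("n");
        int half = (modulus.Length + 1) / 2;
        var parameters = new RSAParameters
        {
            Modulus = modulus,
            Exponent = Field("e"),
            D = LeftPad(Field("d"), modulus.Length),
            P = LeftPad(Field("p"), half),
            Q = LeftPad(Field("q"), half),
            DP = LeftPad(Field("dp"), half),
            DQ = LeftPad(Field("dq"), half),
            InverseQ = LeftPad(Field("qi"), half),
        };
        RSA rsa = RSA.Create();
        rsa.ImportParameters(parameters);
        return rsa;
    }

    // RS256 client assertion: iss and sub are the client_id, aud is the token endpoint,
    // a short lifetime and a unique jti so the assertion is not reusable.
    public static string BuildClientAssertion(RSA rsa, string clientId, string tokenEndpoint)
    {
        long now = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
        string header = B64UrlEncode(Encoding.UTF8.GetBytes("{\"alg\":\"RS256\",\"typ\":\"JWT\"}"));
        string payload = B64UrlEncode(JsonSerializer.SerializeToUtf8Bytes(new
        {
            iss = clientId, sub = clientId, aud = tokenEndpoint,
            iat = now, exp = now + 300, jti = Guid.NewGuid().ToString("N"),
        }));
        byte[] signature = rsa.SignData(Encoding.UTF8.GetBytes(header + "." + payload),
                                        HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return header + "." + payload + "." + B64UrlEncode(signature);
    }

    public static async Task Main()
    {
        string tokenEndpoint = OktaDomain.TrimEnd('/') + "/oauth2/v1/token";
        using RSA rsa = RsaFromJwk(JwkJson);
        var form = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            ["grant_type"] = "client_credentials",
            ["scope"] = Scope,
            ["client_assertion_type"] = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
            ["client_assertion"] = BuildClientAssertion(rsa, ClientId, tokenEndpoint),
        });
        using var http = new HttpClient();
        using HttpResponseMessage response = await http.PostAsync(tokenEndpoint, form);
        string body = await response.Content.ReadAsStringAsync();
        // An {"error":"invalid_scope",...} body here means the org rejects the scope for this
        // client regardless of the SDK; an access_token means the org accepts it and the SDK's
        // own token request differs from this one.
        Console.WriteLine($"{(int)response.StatusCode} {body}");
    }
}
```

Run it with the same domain, client id, JWK and scope as the failing configuration and compare the JSON body with the SDK's `GetBearerToken` error; capturing the SDK's request (for example with an `HttpClient` logging handler or a local proxy) and diffing its form fields and assertion claims against the ones built here is the quickest way to localize a regression between SDK versions.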

Additional Information?

No response

.NET Version

8.0.403

SDK Version

9.0.0

OS version

| BuildNumber | Caption | OSArchitecture | Version |
| --- | --- | --- | --- |
| 19045 | Microsoft Windows 10 Enterprise | 64-bit | 10.0.19045 |

bryanapellanes-okta commented 1 week ago

@gao-artur Thanks for bringing this to our attention. I've entered an internal ticket for tracking and prioritization: OKTA-824760