Okta spoke and OAuth help

David Nendza
Tera Guru

Has anyone had any success connecting to Okta using the Okta spoke, with OAuth? We followed the instructions in the docs (https://docs.servicenow.com/bundle/tokyo-application-development/page/administer/integrationhub-stor...) and we receive the OAuth token and it seems to be refreshing successfully. When I go into the Okta Spoke > Okta Groups application and click the 'get groups' button, the flow that runs doesn't work.

When I dig into it, the error it's getting is: Method failed: (/api/v1/groups) with code: 403 - Forbidden username/password combo

It's like it's not passing through the OAuth credentials and/or the header correctly.

2 REPLIES

David Nendza
Tera Guru

I was able to duplicate most of the OAuth setup on a PDI with a dev Okta account (please allow the installation of the Okta spoke in PDIs 😞) and I think I know the issue. While the user had the correct scopes assigned in Okta, it also needed to be in the admin group(s) to do the operation. In my dev Okta, I added them to the Group Administrator role and then I was able to call the /groups endpoint successfully.

Haven't been able to try this with the systems that were failing in my original post yet, but I think this was the issue.

I ran into a similar issue... Only if the user in Okta who gets the token is an admin does it work properly... It does not make sense, as it should be using the app permissions... or am I missing something?
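
The situation described in this thread (scopes granted, yet `/api/v1/groups` returns 403 until the user holds an admin role) can be triaged by comparing the HTTP status with the scopes carried in the access token. This is an added example, not part of the thread or of the Okta spoke. It assumes the access token is a JWT with an `scp` claim, that `okta.groups.read` is the scope for listing groups, and that `sub` identifies the user; the tokens are constructed samples.

```python
import base64
import json

REQUIRED_SCOPE = "okta.groups.read"  # assumption: scope needed for GET /api/v1/groups


def jwt_claims(token):
    """Decode a JWT payload without verifying it (triage only, never authentication)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def triage(status, token, required_scope=REQUIRED_SCOPE):
    """Classify a failed call from the HTTP status and the token's granted scopes."""
    claims = jwt_claims(token)
    scopes = claims.get("scp", [])
    if isinstance(scopes, str):  # tolerate a space-separated scope string
        scopes = scopes.split()
    if status == 401:
        return "token rejected: check expiry, audience and the Authorization header"
    if status == 403 and required_scope not in scopes:
        return "scope missing: grant %s to the app and request it" % required_scope
    if status == 403:
        return "scope present: check the admin role of user %s" % claims.get("sub")
    return "no authorization failure indicated by status %d" % status


def make_token(claims):
    """Build an unsigned, constructed sample token for the demonstration below."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])


# Constructed sample tokens, not captured from any real tenant.
WITH_SCOPE = make_token({"sub": "svc.integration@example.com", "scp": ["okta.groups.read"]})
WITHOUT_SCOPE = make_token({"sub": "svc.integration@example.com", "scp": ["okta.users.read"]})

if __name__ == "__main__":
    print(triage(403, WITH_SCOPE))     # scope is there, so look at the user's role
    print(triage(403, WITHOUT_SCOPE))  # scope was never granted or requested
```

Keep any real access token out of tickets and logs when doing this kind of check; decode it locally and record only the `scp` and `sub` values.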