
I am using OIDC and Okta's /oauth2/v1/authorize API to get the access_token, but it just returns the HTML of the redirect_uri.

My API looks like this:

```
GET /oauth2/v1/authorize?response_type=code,token,id_token&client_id=*******&scope=openid&redirect_uri=http://localhost:8000 HTTP/1.1
Host: xome.okta.com
Content-Type: application/json
```

Please let me know what is wrong here.

cyberlobe
Ashok

1 Answer


If you are using cURL to call the URL, you should call it like below:

```
# -D - writes the response headers to stdout
curl -v -D - "https://org-name.okta.com/oauth2/v1/authorize"
```

If you are using a REST client to call this URL then yes, it would return the redirect URI, because this is the implicit flow, which is to be called from a browser. When you call this URL from a browser (JavaScript, or copy-paste it into the address bar and press Enter) you will be redirected to the redirectUri, and the token (ID token and/or access token) will be in the URL of the redirected app, like below.

http://localhost:/redirectUri/#id_token=eyJhbGcxx....

Therefore, the right way to use this is to call it from JavaScript, read the URL in the redirected app, and get the ID/access token.

Sohaib Ajmal
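
What "read the URL in the redirected app" involves, as an added example that is not part of the original answer: parse the fragment, check `state`, and check the `nonce` claim of the ID token. It assumes the authorize request included `state` and `nonce` values; the function names and sample values are hypothetical.

```javascript
// Added example (not from the original answer): read an implicit-flow callback.
// Assumption: the authorize request carried `state` and `nonce` values that the
// app stored before redirecting. Decoding the ID token only reads its claims;
// it does not verify the signature.
function decodeJwtPayload(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("id_token is not a three-part JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(atob(b64 + "=".repeat((4 - (b64.length % 4)) % 4)));
}

function readImplicitCallback(callbackUrl, expected) {
  // Tokens arrive after '#', so they never reach the server behind redirect_uri.
  const params = new URLSearchParams(new URL(callbackUrl).hash.replace(/^#/, ""));
  if (params.has("error")) {
    throw new Error(`authorization error: ${params.get("error")}`);
  }
  if (params.get("state") !== expected.state) {
    throw new Error("state mismatch: response does not match this request");
  }
  const idToken = params.get("id_token");
  const accessToken = params.get("access_token");
  if (!idToken && !accessToken) throw new Error("no token in URL fragment");
  let claims = null;
  if (idToken) {
    claims = decodeJwtPayload(idToken);
    if (claims.nonce !== expected.nonce) throw new Error("nonce mismatch in id_token");
  }
  return { idToken, accessToken, claims };
}

// Constructed sample data: an unsigned token with a placeholder signature.
const b64url = (obj) =>
  btoa(JSON.stringify(obj)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const SAMPLE_ID_TOKEN =
  [b64url({ alg: "RS256" }), b64url({ sub: "user-1", nonce: "n-123" }), "sig"].join(".");
const SAMPLE_CALLBACK =
  `http://localhost:8000/#id_token=${SAMPLE_ID_TOKEN}&access_token=sample-at&state=s-456`;

// In the redirected page: readImplicitCallback(window.location.href, stored),
// then history.replaceState(null, "", location.pathname) to drop the fragment.
console.log(readImplicitCallback(SAMPLE_CALLBACK, { state: "s-456", nonce: "n-123" }).claims);
```

A REST client that follows the redirect only ever receives the HTML served at the redirect_uri, which is why the fragment has to be read in the browser.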