Follow these steps to verify that your Okta OIDC application is correctly configured to issue id_token, access_token, and refresh_token.
Step 1: Open the Authorization Server configuration in Okta
- Sign in to your Okta Admin Console.
- Go to Security > API.
- Select the Authorization Server used by your OIDC application (e.g., default).
Step 2: Use the Token Preview
- On the Authorization Server's details page, click the Token Preview tab.
- In the Request Properties form, enter the following values:
| Field | Value |
|---|---|
| OAuth/OIDC client: | <Your Okta OIDC App Name> |
| Grant type: | Authorization Code |
| User: | <Select a test user from your Okta directory> |
| Scopes: | |
| Note | The form fields are search-based and may appear disabled until you begin typing. For Scopes, add each one individually as tag-style entries. |
Step 3: Verify refresh token is present
- Click Preview Token.
- If the configuration is correct, the Preview section shows three tabs:
  - id_token
  - token (access token)
  - refresh_token
- If the refresh_token tab is missing:
  - Ensure the offline_access scope is included.
  - Confirm that Refresh Token is checked under General Settings > APPLICATION > Grant type for the OIDC application.
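
The same verification can be applied to a real token endpoint response from the application. The Python sketch below is an added example, not part of the Okta documentation: the function name and the sample responses are constructed, and it assumes the standard OAuth 2.0 token response fields (`id_token`, `access_token`, `refresh_token`, `scope`).

```python
# Added example: check a token response for the three tokens from Step 3 and
# map a missing refresh_token to the two checks listed above.
# Findings name fields only; token values are never echoed, so the output is
# safe to paste into a ticket or log.

EXPECTED_TOKENS = ("id_token", "access_token", "refresh_token")


def check_token_response(response, requested_scopes):
    """Return a list of findings; an empty list means all three tokens were issued."""
    findings = [f"{name} missing" for name in EXPECTED_TOKENS
                if not response.get(name)]
    if not response.get("refresh_token"):
        # "scope" in the response is the space-separated list actually granted.
        granted = set(response.get("scope", "").split())
        if "offline_access" not in requested_scopes:
            findings.append("add the offline_access scope to the request")
        else:
            if "offline_access" not in granted:
                findings.append("offline_access was requested but not granted")
            findings.append("confirm Refresh Token is checked under Grant type "
                            "for the OIDC application")
    return findings


# Constructed sample responses (placeholder strings, not real tokens).
GOOD = {"token_type": "Bearer", "expires_in": 3600,
        "access_token": "<constructed>", "id_token": "<constructed>",
        "refresh_token": "<constructed>", "scope": "openid offline_access"}
NO_SCOPE = {"token_type": "Bearer", "expires_in": 3600,
            "access_token": "<constructed>", "id_token": "<constructed>",
            "scope": "openid"}
NO_GRANT = {"token_type": "Bearer", "expires_in": 3600,
            "access_token": "<constructed>", "id_token": "<constructed>",
            "scope": "openid offline_access"}

if __name__ == "__main__":
    for label, resp, scopes in (("good", GOOD, ["openid", "offline_access"]),
                                ("no scope", NO_SCOPE, ["openid"]),
                                ("no grant", NO_GRANT, ["openid", "offline_access"])):
        print(label, check_token_response(resp, scopes) or "OK")
```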