Client Provider: Exchange Request access gives invalid token error

SYMPTOM

There was an error while talking to Access Management (trx id 6867fd89732d62c1) Error: { "message": "Failed to create client in external OpenID 
Connect provider", "error": "Request failed with status 401 and response {\"errorCode\":\"E0000011\",\"errorSummary\":\"Invalid token provided\",\"errorLink\":
\"E0000011\",\"errorId\":\"oae893rHluDRWWa2-cAYzFXow\",\"errorCauses\":[]}", "upstream": { "status": 401, "data": 
{ "errorCode": "E0000011", "errorSummary": "Invalid token provided", "errorLink": "E0000011", "errorId": "oae893rHluDRWWa2-cAYzFXow", "errorCauses": [] } } }
 Bad Gateway (502)

CAUSE

This could be due to either of two things below:

1. An invalid token configured in Anypoint.
2. Token expired on the provider side.

SOLUTION

Work with your Okta admin for this for the following scenarios. You can refer to the corresponding Okta documentation for more details.

1. An invalid token is configured in Anypoint

Going to Anypoint > Access Management > Client Providers configuration > Authorization Header value has an invalid token. Make sure when you copy the token from your provider it is then prefixed with SSWS {TOKEN} as described in Configure OpenID Connect Client Management.

2. Token expired on the provider side

The provider generates a new token (e.g. Okta tokens expire after 30 days of inactivity).

2.1. Navigate to Okta>  Security > API > Tokens and click the Create Token button.
NOTE: This step is general guideline work with your Okta admin for this, since sometimes the UI and/or requirements changes.

2.2. Update Anypoint > Access Management > Client Provider configuration > Authorization Header with the new token value, and remember to prefix with SSWS {TOKEN}.