Is it possible to generate a token using /auth/oauth/v2/token without providing the mag-identifier or device identifier if we are not requesting the token for a mobile device? Currently if we don't pass the mag-identifier/device iedentifier in the header, we get the below error:
{
"error": "invalid_request",
"error_description": "The given mag-identifier is either invalid or points to an unknown device"
}
Release : 10.1/OTK 4.x
User registered the client id with scope that contains msso. The policy /auth/oauth/v2/token calls the encapulated assertion OTK Scope verification that checks the scope and see if it contains msso, then it will need to validate mag-identifier or device identifier.
Registered a new client id with scope does not contains msso. It worked using the new Client id/ClientSecret with grant_type=client_credentials.