One or more scopes are not configured for the authorization server resource. okta code example
Example: invalid_scope 'Custom scopes are not allowed for this request.' okta
# define allowed scoped ( https://developer.okta.com/docs/guides/implement-oauth-for-okta/define-allowed-scopes/)
# to list the avilable scopes use:
curl -X POST \
-H 'Accept: application/json' \
-H "Authorization: SSWS ${api_token}" \
-H 'Content-Type: application/json' \
-d '{
"scopeId": "okta.users.read",
"issuer": "https://{yourOktaDomain}"
}' "https://${yourOktaDomain}/api/v1/apps/client_id/grants"