One or more scopes are not configured for the authorization server resource. okta code example

Example: invalid_scope 'Custom scopes are not allowed for this request.' okta

# define allowed scoped ( https://developer.okta.com/docs/guides/implement-oauth-for-okta/define-allowed-scopes/)
    # to list the avilable scopes use:
    curl -X POST \
    -H 'Accept: application/json' \
    -H "Authorization: SSWS ${api_token}" \
    -H 'Content-Type: application/json' \
    -d '{
          "scopeId": "okta.users.read",
          "issuer": "https://{yourOktaDomain}"
    }' "https://${yourOktaDomain}/api/v1/apps/client_id/grants"