Unable to invoke any Get-Okta* cmdlets using API Key-based auth instead of Client ID authentication

[LCOPSCA]

A session to the API cannot be established when trying Get-OktaUser:

Get-OktaUser -UserID <redacted user> Error calling the Okta API (Status Code 403) : {"errorCode":"E0000005","errorSummary":"Invalid session","errorLink":"E0000005"

Config I would expect to work:

$OktaConfiguration = Get-OktaConfiguration $OktaConfiguration.BaseURL = "https://<redacted org>.okta.com" $OktaConfiguration.ApiKey = "<RedactedAPIKEY>" $OktaConfiguration.Scope = "okta.users.read"

I have tried variations of using "SSWS " as well as just the API key for the ApiKey value, and setting $OktaConfiguration.ApiKeyPrefix to "SSWS" as well as leaving it empty.

I am able to run the following script successfully:
$apikey = "<redacted APIKEY>" $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]" $headers.Add("Accept", "application/json") $headers.Add("Content-Type", "application/json") $headers.Add("Authorization", "SSWS $apikey") $response = Invoke-RestMethod 'https://<redacted org>.okta.com/api/v1/users/<redacted user id>' -Method 'GET' -Headers $headers $response | ConvertTo-Json

It looks as though the Powershell cmdlets aren't crafting the authorization header correctly when using APIKey-based authentication.