How do I request an access token for a specific resource?
i have several client applications (web app) and several (APIs). Each app can call a select set of those APIs. Is there a way, that I can protect each api. Say by having my client apps request an access token for a specific api? And passing along the user information in the access token?
That didn't really answer my question. I have looked over all the documentation and videos.
Lets say my .NET app, requires access to two separate apis. How do I handle that configuration in okta? Do I have two different authorization servers or one? As in the .net example, I dont really see a way to request an access token from another "authorization server".
Basically we are going to have multiple .net apps and multipe apis. These apps need to be able to call the apis on behalf of the user. Each app will have a certain subset of the apis that is allowed to call.
I am sure someone has done this before, I am just not sure how to mimic that in okta. The documentation is very basic and does not really go into more advanced scenarios.
Is there an example of something like this that I can look at?
You will need separate OIDC in Okta for every web app and for every API you will need an authorization server. For a deeper understanding of your configuration and desired functionality, please open a support ticket via https://support.okta.com/help/open_case so we can better assist you.