Spencer Jones

Passthrough auth for Web Service (API)

I have a web front end that's using Okta, and a backend API that is a separate application. I want the users of the front end to be able to query the API directly with AJAX and authenticate/authorize with Okta.

I can add SAML auth using Okta to both apps, but I don't know how to 'share' or generate the auth token for the API in a way that is transparent to the user. How can I achieve this?
Thomas Kirk (Okta, Inc.)
Typically, you won't want to SAML enable the API endpoints as it isn't the best solution for APIs. However, Okta's API Access Management will be able to handle both of these flows.

If you OIDC enable your web app and then protect your APIs with OAuth 2.0 you will get the desired authn/authz.

For example, when the user navigates to the app they can click "login" to login to Okta. Okta can return an ID Token (OIDC) and an Access Token (API Access Management). The ID Token will contain information about the user that you can display in the app. The Access Token can be passed to your API to grant access to the API.

Your exact use may be different as you can use a handful of technologies (SAML, OIDC, OAuth) depending on your use cases.

Check out this example of an Angular Front End and Spring Boot API backend: